Gitiles
Code Review Sign In
gerrit.nordix.org / fdio / vpp / 884cf26d792e5bb9681212d547a615af1992f3c9 / . / src / vnet / devices / dpdk / ipsec / ipsec.h
blob: e6c7498c0d3da121dea6eec31fe5b2b47da0823a [file] [log] [blame]
/*
* Copyright (c) 2016 Intel and/or its affiliates.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at:
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef __DPDK_IPSEC_H__
#define __DPDK_IPSEC_H__
#include <vnet/vnet.h>
#undef always_inline
#include <rte_crypto.h>
#include <rte_cryptodev.h>
#if CLIB_DEBUG > 0
#define always_inline static inline
#else
#define always_inline static inline __attribute__ ((__always_inline__))
#endif
#define MAX_QP_PER_LCORE 16
typedef struct
{
u32 salt;
u32 iv[2];
u32 cnt;
} dpdk_gcm_cnt_blk;
typedef struct
{
dpdk_gcm_cnt_blk cb;
union
{
u8 aad[12];
u8 icv[64];
};
} dpdk_cop_priv_t;
typedef struct
{
u8 cipher_algo;
u8 auth_algo;
u8 is_outbound;
} crypto_worker_qp_key_t;
typedef struct
{
u16 dev_id;
u16 qp_id;
u16 is_outbound;
i16 inflights;
u32 bi[VLIB_FRAME_SIZE];
struct rte_crypto_op *cops[VLIB_FRAME_SIZE];
struct rte_crypto_op **free_cops;
} crypto_qp_data_t;
typedef struct
{
u8 qp_index;
void *sess;
} crypto_sa_session_t;
typedef struct
{
crypto_sa_session_t *sa_sess_d[2];
crypto_qp_data_t *qp_data;
uword *algo_qp_map;
} crypto_worker_main_t;
typedef struct
{
struct rte_mempool **cop_pools;
crypto_worker_main_t *workers_main;
} dpdk_crypto_main_t;
dpdk_crypto_main_t dpdk_crypto_main;
extern vlib_node_registration_t dpdk_crypto_input_node;
#define CRYPTO_N_FREE_COPS (VLIB_FRAME_SIZE * 3)
static_always_inline void
crypto_alloc_cops ()
{
dpdk_crypto_main_t *dcm = &dpdk_crypto_main;
u32 cpu_index = os_get_cpu_number ();
crypto_worker_main_t *cwm = &dcm->workers_main[cpu_index];
unsigned socket_id = rte_socket_id ();
crypto_qp_data_t *qpd;
/* *INDENT-OFF* */
vec_foreach (qpd, cwm->qp_data)
{
u32 l = vec_len (qpd->free_cops);
if (PREDICT_FALSE (l < VLIB_FRAME_SIZE))
{
u32 n_alloc;
if (PREDICT_FALSE (!qpd->free_cops))
vec_alloc (qpd->free_cops, CRYPTO_N_FREE_COPS);
n_alloc = rte_crypto_op_bulk_alloc (dcm->cop_pools[socket_id],
RTE_CRYPTO_OP_TYPE_SYMMETRIC,
&qpd->free_cops[l],
CRYPTO_N_FREE_COPS - l - 1);
_vec_len (qpd->free_cops) = l + n_alloc;
}
}
/* *INDENT-ON* */
}
static_always_inline void
crypto_free_cop (crypto_qp_data_t * qpd, struct rte_crypto_op **cops, u32 n)
{
u32 l = vec_len (qpd->free_cops);
if (l + n >= CRYPTO_N_FREE_COPS)
{
l -= VLIB_FRAME_SIZE;
rte_mempool_put_bulk (cops[0]->mempool,
(void **) &qpd->free_cops[l], VLIB_FRAME_SIZE);
}
clib_memcpy (&qpd->free_cops[l], cops, sizeof (*cops) * n);
_vec_len (qpd->free_cops) = l + n;
}
static_always_inline int
check_algo_is_supported (const struct rte_cryptodev_capabilities *cap,
char *name)
{
struct
{
uint8_t cipher_algo;
enum rte_crypto_sym_xform_type type;
union
{
enum rte_crypto_auth_algorithm auth;
enum rte_crypto_cipher_algorithm cipher;
};
char *name;
} supported_algo[] =
{
{
.type = RTE_CRYPTO_SYM_XFORM_CIPHER,.cipher =
RTE_CRYPTO_CIPHER_NULL,.name = "NULL"},
{
.type = RTE_CRYPTO_SYM_XFORM_CIPHER,.cipher =
RTE_CRYPTO_CIPHER_AES_CBC,.name = "AES_CBC"},
{
.type = RTE_CRYPTO_SYM_XFORM_CIPHER,.cipher =
RTE_CRYPTO_CIPHER_AES_CTR,.name = "AES_CTR"},
{
.type = RTE_CRYPTO_SYM_XFORM_CIPHER,.cipher =
RTE_CRYPTO_CIPHER_3DES_CBC,.name = "3DES-CBC"},
{
.type = RTE_CRYPTO_SYM_XFORM_CIPHER,.auth =
RTE_CRYPTO_CIPHER_AES_GCM,.name = "AES-GCM"},
{
.type = RTE_CRYPTO_SYM_XFORM_AUTH,.auth =
RTE_CRYPTO_AUTH_SHA1_HMAC,.name = "HMAC-SHA1"},
{
.type = RTE_CRYPTO_SYM_XFORM_AUTH,.auth =
RTE_CRYPTO_AUTH_SHA256_HMAC,.name = "HMAC-SHA256"},
{
.type = RTE_CRYPTO_SYM_XFORM_AUTH,.auth =
RTE_CRYPTO_AUTH_SHA384_HMAC,.name = "HMAC-SHA384"},
{
.type = RTE_CRYPTO_SYM_XFORM_AUTH,.auth =
RTE_CRYPTO_AUTH_SHA512_HMAC,.name = "HMAC-SHA512"},
{
.type = RTE_CRYPTO_SYM_XFORM_AUTH,.auth =
RTE_CRYPTO_AUTH_AES_XCBC_MAC,.name = "AES-XCBC-MAC"},
{
.type = RTE_CRYPTO_SYM_XFORM_AUTH,.auth =
RTE_CRYPTO_AUTH_AES_GCM,.name = "AES-GCM"},
{
/* tail */
.type = RTE_CRYPTO_SYM_XFORM_NOT_SPECIFIED},};
uint32_t i = 0;
if (cap->op != RTE_CRYPTO_OP_TYPE_SYMMETRIC)
return -1;
while (supported_algo[i].type != RTE_CRYPTO_SYM_XFORM_NOT_SPECIFIED)
{
if (cap->sym.xform_type == supported_algo[i].type)
{
if ((cap->sym.xform_type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
cap->sym.cipher.algo == supported_algo[i].cipher) ||
(cap->sym.xform_type == RTE_CRYPTO_SYM_XFORM_AUTH &&
cap->sym.auth.algo == supported_algo[i].auth))
{
if (name)
strcpy (name, supported_algo[i].name);
return 0;
}
}
i++;
}
return -1;
}
#endif /* __DPDK_IPSEC_H__ */
/*
* fd.io coding-style-patch-verification: ON
*
* Local Variables:
* eval: (c-set-style "gnu")
* End:
*/