aboutsummaryrefslogtreecommitdiffstats
path: root/lib/librte_security
diff options
context:
space:
mode:
Diffstat (limited to 'lib/librte_security')
-rw-r--r--lib/librte_security/Makefile32
-rw-r--r--lib/librte_security/meson.build7
-rw-r--r--lib/librte_security/rte_security.c37
-rw-r--r--lib/librte_security/rte_security.h67
-rw-r--r--lib/librte_security/rte_security_driver.h32
-rw-r--r--lib/librte_security/rte_security_version.map2
6 files changed, 123 insertions, 54 deletions
diff --git a/lib/librte_security/Makefile b/lib/librte_security/Makefile
index bb93ec33..8daebea4 100644
--- a/lib/librte_security/Makefile
+++ b/lib/librte_security/Makefile
@@ -1,32 +1,5 @@
-# BSD LICENSE
-#
-# Copyright(c) 2017 Intel Corporation. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-#
-# * Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-# * Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in
-# the documentation and/or other materials provided with the
-# distribution.
-# * Neither the name of Intel Corporation nor the names of its
-# contributors may be used to endorse or promote products derived
-# from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+# SPDX-License-Identifier: BSD-3-Clause
+# Copyright(c) 2017 Intel Corporation
include $(RTE_SDK)/mk/rte.vars.mk
@@ -37,6 +10,7 @@ LIB = librte_security.a
LIBABIVER := 1
# build flags
+CFLAGS += -DALLOW_EXPERIMENTAL_API
CFLAGS += -O3
CFLAGS += $(WERROR_FLAGS)
LDLIBS += -lrte_eal -lrte_mempool
diff --git a/lib/librte_security/meson.build b/lib/librte_security/meson.build
new file mode 100644
index 00000000..4c85894c
--- /dev/null
+++ b/lib/librte_security/meson.build
@@ -0,0 +1,7 @@
+# SPDX-License-Identifier: BSD-3-Clause
+# Copyright(c) 2017 Intel Corporation
+
+allow_experimental_apis = true
+sources = files('rte_security.c')
+headers = files('rte_security.h', 'rte_security_driver.h')
+deps += ['mempool', 'cryptodev']
diff --git a/lib/librte_security/rte_security.c b/lib/librte_security/rte_security.c
index 1227fca8..1e559c99 100644
--- a/lib/librte_security/rte_security.c
+++ b/lib/librte_security/rte_security.c
@@ -33,12 +33,12 @@
#include <rte_malloc.h>
#include <rte_dev.h>
-
+#include "rte_compat.h"
#include "rte_security.h"
#include "rte_security_driver.h"
struct rte_security_session *
-rte_security_session_create(struct rte_security_ctx *instance,
+__rte_experimental rte_security_session_create(struct rte_security_ctx *instance,
struct rte_security_session_conf *conf,
struct rte_mempool *mp)
{
@@ -49,7 +49,7 @@ rte_security_session_create(struct rte_security_ctx *instance,
RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_create, NULL);
- if (rte_mempool_get(mp, (void *)&sess))
+ if (rte_mempool_get(mp, (void **)&sess))
return NULL;
if (instance->ops->session_create(instance->device, conf, sess, mp)) {
@@ -61,7 +61,7 @@ rte_security_session_create(struct rte_security_ctx *instance,
return sess;
}
-int
+int __rte_experimental
rte_security_session_update(struct rte_security_ctx *instance,
struct rte_security_session *sess,
struct rte_security_session_conf *conf)
@@ -70,7 +70,14 @@ rte_security_session_update(struct rte_security_ctx *instance,
return instance->ops->session_update(instance->device, sess, conf);
}
-int
+unsigned int __rte_experimental
+rte_security_session_get_size(struct rte_security_ctx *instance)
+{
+ RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_get_size, 0);
+ return instance->ops->session_get_size(instance->device);
+}
+
+int __rte_experimental
rte_security_session_stats_get(struct rte_security_ctx *instance,
struct rte_security_session *sess,
struct rte_security_stats *stats)
@@ -79,7 +86,7 @@ rte_security_session_stats_get(struct rte_security_ctx *instance,
return instance->ops->session_stats_get(instance->device, sess, stats);
}
-int
+int __rte_experimental
rte_security_session_destroy(struct rte_security_ctx *instance,
struct rte_security_session *sess)
{
@@ -98,7 +105,7 @@ rte_security_session_destroy(struct rte_security_ctx *instance,
return ret;
}
-int
+int __rte_experimental
rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
struct rte_security_session *sess,
struct rte_mbuf *m, void *params)
@@ -108,14 +115,26 @@ rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
sess, m, params);
}
-const struct rte_security_capability *
+void * __rte_experimental
+rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md)
+{
+ void *userdata = NULL;
+
+ RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->get_userdata, NULL);
+ if (instance->ops->get_userdata(instance->device, md, &userdata))
+ return NULL;
+
+ return userdata;
+}
+
+const struct rte_security_capability * __rte_experimental
rte_security_capabilities_get(struct rte_security_ctx *instance)
{
RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->capabilities_get, NULL);
return instance->ops->capabilities_get(instance->device);
}
-const struct rte_security_capability *
+const struct rte_security_capability * __rte_experimental
rte_security_capability_get(struct rte_security_ctx *instance,
struct rte_security_capability_idx *idx)
{
diff --git a/lib/librte_security/rte_security.h b/lib/librte_security/rte_security.h
index 653929b9..c75c1218 100644
--- a/lib/librte_security/rte_security.h
+++ b/lib/librte_security/rte_security.h
@@ -52,6 +52,7 @@ extern "C" {
#include <netinet/ip.h>
#include <netinet/ip6.h>
+#include <rte_compat.h>
#include <rte_common.h>
#include <rte_crypto.h>
#include <rte_mbuf.h>
@@ -60,7 +61,7 @@ extern "C" {
/** IPSec protocol mode */
enum rte_security_ipsec_sa_mode {
- RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT,
+ RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT = 1,
/**< IPSec Transport mode */
RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
/**< IPSec Tunnel mode */
@@ -68,7 +69,7 @@ enum rte_security_ipsec_sa_mode {
/** IPSec Protocol */
enum rte_security_ipsec_sa_protocol {
- RTE_SECURITY_IPSEC_SA_PROTO_AH,
+ RTE_SECURITY_IPSEC_SA_PROTO_AH = 1,
/**< AH protocol */
RTE_SECURITY_IPSEC_SA_PROTO_ESP,
/**< ESP protocol */
@@ -76,7 +77,7 @@ enum rte_security_ipsec_sa_protocol {
/** IPSEC tunnel type */
enum rte_security_ipsec_tunnel_type {
- RTE_SECURITY_IPSEC_TUNNEL_IPV4,
+ RTE_SECURITY_IPSEC_TUNNEL_IPV4 = 1,
/**< Outer header is IPv4 */
RTE_SECURITY_IPSEC_TUNNEL_IPV6,
/**< Outer header is IPv6 */
@@ -94,7 +95,7 @@ enum rte_security_ipsec_tunnel_type {
struct rte_security_ctx {
void *device;
/**< Crypto/ethernet device attached */
- struct rte_security_ops *ops;
+ const struct rte_security_ops *ops;
/**< Pointer to security ops for the device */
uint16_t sess_cnt;
/**< Number of sessions attached to this context */
@@ -228,6 +229,7 @@ struct rte_security_ipsec_xform {
*/
struct rte_security_macsec_xform {
/** To be Filled */
+ int dummy;
};
/**
@@ -252,7 +254,7 @@ enum rte_security_session_action_type {
/** Security session protocol definition */
enum rte_security_session_protocol {
- RTE_SECURITY_PROTOCOL_IPSEC,
+ RTE_SECURITY_PROTOCOL_IPSEC = 1,
/**< IPsec Protocol */
RTE_SECURITY_PROTOCOL_MACSEC,
/**< MACSec Protocol */
@@ -274,6 +276,8 @@ struct rte_security_session_conf {
/**< Configuration parameters for security session */
struct rte_crypto_sym_xform *crypto_xform;
/**< Security Session Crypto Transformations */
+ void *userdata;
+ /**< Application specific userdata to be saved with session */
};
struct rte_security_session {
@@ -291,7 +295,7 @@ struct rte_security_session {
* - On success, pointer to session
* - On failure, NULL
*/
-struct rte_security_session *
+struct rte_security_session * __rte_experimental
rte_security_session_create(struct rte_security_ctx *instance,
struct rte_security_session_conf *conf,
struct rte_mempool *mp);
@@ -306,12 +310,24 @@ rte_security_session_create(struct rte_security_ctx *instance,
* - On success returns 0
* - On failure return errno
*/
-int
+int __rte_experimental
rte_security_session_update(struct rte_security_ctx *instance,
struct rte_security_session *sess,
struct rte_security_session_conf *conf);
/**
+ * Get the size of the security session data for a device.
+ *
+ * @param instance security instance.
+ *
+ * @return
+ * - Size of the private data, if successful
+ * - 0 if device is invalid or does not support the operation.
+ */
+unsigned int __rte_experimental
+rte_security_session_get_size(struct rte_security_ctx *instance);
+
+/**
* Free security session header and the session private data and
* return it to its original mempool.
*
@@ -323,7 +339,7 @@ rte_security_session_update(struct rte_security_ctx *instance,
* - -EINVAL if session is NULL.
* - -EBUSY if not all device private data has been freed.
*/
-int
+int __rte_experimental
rte_security_session_destroy(struct rte_security_ctx *instance,
struct rte_security_session *sess);
@@ -340,18 +356,36 @@ rte_security_session_destroy(struct rte_security_ctx *instance,
* - On success, zero.
* - On failure, a negative value.
*/
-int
+int __rte_experimental
rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
struct rte_security_session *sess,
struct rte_mbuf *mb, void *params);
/**
+ * Get userdata associated with the security session which processed the
+ * packet. This userdata would be registered while creating the session, and
+ * application can use this to identify the SA etc. Device-specific metadata
+ * in the mbuf would be used for this.
+ *
+ * This is valid only for inline processed ingress packets.
+ *
+ * @param instance security instance
+ * @param md device-specific metadata set in mbuf
+ *
+ * @return
+ * - On success, userdata
+ * - On failure, NULL
+ */
+void * __rte_experimental
+rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md);
+
+/**
* Attach a session to a symmetric crypto operation
*
* @param sym_op crypto operation
* @param sess security session
*/
-static inline int
+static inline int __rte_experimental
__rte_security_attach_session(struct rte_crypto_sym_op *sym_op,
struct rte_security_session *sess)
{
@@ -360,13 +394,13 @@ __rte_security_attach_session(struct rte_crypto_sym_op *sym_op,
return 0;
}
-static inline void *
+static inline void * __rte_experimental
get_sec_session_private_data(const struct rte_security_session *sess)
{
return sess->sess_private_data;
}
-static inline void
+static inline void __rte_experimental
set_sec_session_private_data(struct rte_security_session *sess,
void *private_data)
{
@@ -382,7 +416,7 @@ set_sec_session_private_data(struct rte_security_session *sess,
* @param op crypto operation
* @param sess security session
*/
-static inline int
+static inline int __rte_experimental
rte_security_attach_session(struct rte_crypto_op *op,
struct rte_security_session *sess)
{
@@ -424,7 +458,7 @@ struct rte_security_stats {
* - On success return 0
* - On failure errno
*/
-int
+int __rte_experimental
rte_security_session_stats_get(struct rte_security_ctx *instance,
struct rte_security_session *sess,
struct rte_security_stats *stats);
@@ -452,6 +486,7 @@ struct rte_security_capability {
/**< IPsec capability */
struct {
/* To be Filled */
+ int dummy;
} macsec;
/**< MACsec capability */
};
@@ -507,7 +542,7 @@ struct rte_security_capability_idx {
* - Returns array of security capabilities.
* - Return NULL if no capabilities available.
*/
-const struct rte_security_capability *
+const struct rte_security_capability * __rte_experimental
rte_security_capabilities_get(struct rte_security_ctx *instance);
/**
@@ -521,7 +556,7 @@ rte_security_capabilities_get(struct rte_security_ctx *instance);
* index criteria.
* - Return NULL if the capability not matched on security instance.
*/
-const struct rte_security_capability *
+const struct rte_security_capability * __rte_experimental
rte_security_capability_get(struct rte_security_ctx *instance,
struct rte_security_capability_idx *idx);
diff --git a/lib/librte_security/rte_security_driver.h b/lib/librte_security/rte_security_driver.h
index 997fbe79..46239049 100644
--- a/lib/librte_security/rte_security_driver.h
+++ b/lib/librte_security/rte_security_driver.h
@@ -91,6 +91,18 @@ typedef int (*security_session_destroy_t)(void *device,
typedef int (*security_session_update_t)(void *device,
struct rte_security_session *sess,
struct rte_security_session_conf *conf);
+
+/**
+ * Get the size of a security session
+ *
+ * @param device Crypto/eth device pointer
+ *
+ * @return
+ * - On success returns the size of the session structure for device
+ * - On failure returns 0
+ */
+typedef unsigned int (*security_session_get_size)(void *device);
+
/**
* Get stats from the PMD.
*
@@ -122,6 +134,22 @@ typedef int (*security_set_pkt_metadata_t)(void *device,
void *params);
/**
+ * Get application specific userdata associated with the security session which
+ * processed the packet. This would be retrieved using the metadata obtained
+ * from packet.
+ *
+ * @param device Crypto/eth device pointer
+ * @param md Metadata
+ * @param userdata Pointer to receive userdata
+ *
+ * @return
+ * - Returns 0 if userdata is retrieved successfully.
+ * - Returns -ve value for errors.
+ */
+typedef int (*security_get_userdata_t)(void *device,
+ uint64_t md, void **userdata);
+
+/**
* Get security capabilities of the device.
*
* @param device crypto/eth device pointer
@@ -139,12 +167,16 @@ struct rte_security_ops {
/**< Configure a security session. */
security_session_update_t session_update;
/**< Update a security session. */
+ security_session_get_size session_get_size;
+ /**< Return size of security session. */
security_session_stats_get_t session_stats_get;
/**< Get security session statistics. */
security_session_destroy_t session_destroy;
/**< Clear a security sessions private data. */
security_set_pkt_metadata_t set_pkt_metadata;
/**< Update mbuf metadata. */
+ security_get_userdata_t get_userdata;
+ /**< Get userdata associated with session which processed the packet. */
security_capabilities_get_t capabilities_get;
/**< Get security capabilities. */
};
diff --git a/lib/librte_security/rte_security_version.map b/lib/librte_security/rte_security_version.map
index e12c04b2..5a1c8ae3 100644
--- a/lib/librte_security/rte_security_version.map
+++ b/lib/librte_security/rte_security_version.map
@@ -4,8 +4,10 @@ EXPERIMENTAL {
rte_security_attach_session;
rte_security_capabilities_get;
rte_security_capability_get;
+ rte_security_get_userdata;
rte_security_session_create;
rte_security_session_destroy;
+ rte_security_session_get_size;
rte_security_session_stats_get;
rte_security_session_update;
rte_security_set_pkt_metadata;