2 // Copyright (c) 2010-2017 Intel Corporation
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
8 // http://www.apache.org/licenses/LICENSE-2.0
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
18 * Non compatible implementation of RFC3686(CTR-AES 128 bit key), RFC4303 (tunnel ipv4 ESP)
20 * 1. Crypto not safe!!!!! (underlying AES-CTR implementation is OK, but ESP implementation is lousy)
21 * 2. Only ESP/tunnel/ipv4/AES-CTR
22 * 3. Not fully implemented
23 * 4. No proper key / SADB
24 * So performance demonstrator only
27 #include "task_init.h"
28 #include "task_base.h"
33 #include "prox_cksum.h"
35 #include <rte_cryptodev.h>
36 #include <rte_cryptodev_pmd.h>
38 typedef unsigned int u32;
39 typedef unsigned char u8;
41 #define BYTE_LENGTH(x) (x/8)
42 #define DIGEST_BYTE_LENGTH_SHA1 (BYTE_LENGTH(160))
44 //#define CIPHER_KEY_LENGTH_AES_CBC (32)
45 #define CIPHER_KEY_LENGTH_AES_CBC (16)//==TEST
46 #define CIPHER_IV_LENGTH_AES_CBC 16
48 static inline void *get_sym_cop(struct rte_crypto_op *cop)
50 //return (cop + 1);//makes no sense on dpdk_17.05.2
55 struct task_base base;
62 struct rte_cryptodev_sym_session *sess;
63 struct rte_crypto_sym_xform cipher_xform;
64 struct rte_crypto_sym_xform auth_xform;
65 struct rte_crypto_op *ops_burst[MAX_PKT_BURST];
69 struct task_base base;
75 struct rte_cryptodev_sym_session *sess;
76 struct rte_crypto_sym_xform cipher_xform;
77 struct rte_crypto_sym_xform auth_xform;
78 struct rte_crypto_op *ops_burst[MAX_PKT_BURST];
81 struct crypto_testsuite_params {
82 struct rte_mempool *mbuf_ol_pool_enc;
83 struct rte_mempool *mbuf_ol_pool_dec;
85 struct rte_cryptodev_config conf;
86 struct rte_cryptodev_qp_conf qp_conf;
89 static struct crypto_testsuite_params testsuite_params = { NULL };
90 static enum rte_cryptodev_type gbl_cryptodev_preftest_devtype = RTE_CRYPTODEV_AESNI_MB_PMD;
92 static uint8_t hmac_sha1_key[] = {
93 0xF8, 0x2A, 0xC7, 0x54, 0xDB, 0x96, 0x18, 0xAA,
94 0xC3, 0xA1, 0x53, 0xF6, 0x1F, 0x17, 0x60, 0xBD,
95 0xDE, 0xF4, 0xDE, 0xAD };
96 static uint8_t aes_cbc_key[] = {
97 0xE4, 0x23, 0x33, 0x8A, 0x35, 0x64, 0x61, 0xE2,
98 0x49, 0x03, 0xDD, 0xC6, 0xB8, 0xCA, 0x55, 0x7A,
99 0xE4, 0x23, 0x33, 0x8A, 0x35, 0x64, 0x61, 0xE2,
100 0x49, 0x03, 0xDD, 0xC6, 0xB8, 0xCA, 0x55, 0x7A };
102 static void init_task_esp_enc(struct task_base *tbase, struct task_args *targ)
104 int i, nb_devs, valid_dev_id = 0;
105 struct crypto_testsuite_params *ts_params = &testsuite_params;
106 struct rte_cryptodev_info info;
108 tbase->flags |= FLAG_NEVER_FLUSH;
110 ts_params->mbuf_ol_pool_enc = rte_crypto_op_pool_create("crypto_op_pool_enc",
111 RTE_CRYPTO_OP_TYPE_SYMMETRIC, (2*1024*1024), 128, 0,
113 PROX_PANIC(ts_params->mbuf_ol_pool_enc == NULL, "Can't create ENC CRYPTO_OP_POOL\n");
115 struct task_esp_enc *task = (struct task_esp_enc *)tbase;
116 task->crypto_dev_id = rte_vdev_init(RTE_STR(CRYPTODEV_NAME_AESNI_MB_PMD), NULL);
117 nb_devs = rte_cryptodev_count_devtype(RTE_CRYPTODEV_AESNI_MB_PMD);
118 PROX_PANIC(nb_devs < 1, "No crypto devices found?\n");
120 /* Search for the first valid */
121 for (i = 0; i < nb_devs; i++) {
122 rte_cryptodev_info_get(i, &info);
123 if (info.dev_type == gbl_cryptodev_preftest_devtype) {
124 task->crypto_dev_id = i;
129 PROX_PANIC(!valid_dev_id, "invalid crypto devices found?\n");
132 * Since we can't free and re-allocate queue memory always set the queues
133 * on this device up to max size first so enough memory is allocated for
134 * any later re-configures needed by other tests
137 ts_params->conf.nb_queue_pairs = 2;
138 ts_params->conf.socket_id = SOCKET_ID_ANY;
139 ts_params->conf.session_mp.nb_objs = 2048;
140 ts_params->qp_conf.nb_descriptors = 4096;
142 /*Now reconfigure queues to size we actually want to use in this testsuite.*/
143 ts_params->qp_conf.nb_descriptors = 128;
144 rte_cryptodev_configure(task->crypto_dev_id, &ts_params->conf);
145 rte_cryptodev_queue_pair_setup(task->crypto_dev_id, 0,
146 &ts_params->qp_conf, rte_cryptodev_socket_id(task->crypto_dev_id));
147 rte_cryptodev_configure(task->crypto_dev_id, &ts_params->conf);
149 struct rte_cryptodev *dev;
150 dev = rte_cryptodev_pmd_get_dev(task->crypto_dev_id);
151 PROX_PANIC(dev->attached != RTE_CRYPTODEV_ATTACHED, "No ENC cryptodev attached\n");
153 /* Setup Cipher Parameters */
154 task->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
155 task->cipher_xform.next = &(task->auth_xform);
157 task->cipher_xform.cipher.algo = RTE_CRYPTO_CIPHER_AES_CBC;
158 task->cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT;
159 task->cipher_xform.cipher.key.data = aes_cbc_key;
160 task->cipher_xform.cipher.key.length = CIPHER_KEY_LENGTH_AES_CBC;
162 /* Setup HMAC Parameters */
163 task->auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
164 task->auth_xform.next = NULL;
165 task->auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_GENERATE;
166 task->auth_xform.auth.algo = RTE_CRYPTO_AUTH_SHA1_HMAC;
167 task->auth_xform.auth.key.length = DIGEST_BYTE_LENGTH_SHA1;
168 task->auth_xform.auth.key.data = hmac_sha1_key;
169 task->auth_xform.auth.digest_length = DIGEST_BYTE_LENGTH_SHA1;
171 /* Create Crypto session*/
172 task->sess = rte_cryptodev_sym_session_create(task->crypto_dev_id, &task->cipher_xform);
173 PROX_PANIC(task->sess == NULL, "Failed to create ENC session\n");
175 // Read config file with SAs
176 task->local_ipv4 = rte_cpu_to_be_32(targ->local_ipv4);
177 task->remote_ipv4 = rte_cpu_to_be_32(targ->remote_ipv4);
179 //#include "prox_port_cfg.h"
180 //struct prox_port_cfg *port = find_reachable_port(targ);
181 //memcpy(&task->src_mac, &prox_port_cfg[task->base.tx_params_hw.tx_port_queue->port].eth_addr, sizeof(struct ether_addr));
183 for (i = 0; i < 16; i++) task->key[i] = i+2;
184 for (i = 0; i < 16; i++) task->iv[i] = i;
187 static void init_task_esp_dec(struct task_base *tbase, struct task_args *targ)
190 struct crypto_testsuite_params *ts_params = &testsuite_params;
192 tbase->flags |= FLAG_NEVER_FLUSH;
194 ts_params->mbuf_ol_pool_dec = rte_crypto_op_pool_create("crypto_op_pool_dec",
195 RTE_CRYPTO_OP_TYPE_SYMMETRIC, (2*1024*1024), 128, 0,
197 PROX_PANIC(ts_params->mbuf_ol_pool_dec == NULL, "Can't create DEC CRYPTO_OP_POOL\n");
199 // Read config file with SAs
200 struct task_esp_dec *task = (struct task_esp_dec *)tbase;
201 task->local_ipv4 = rte_cpu_to_be_32(targ->local_ipv4);
203 task->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
204 task->cipher_xform.next = NULL;
205 task->cipher_xform.cipher.algo = RTE_CRYPTO_CIPHER_AES_CBC;
206 task->cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_DECRYPT;
207 task->cipher_xform.cipher.key.data = aes_cbc_key;
208 task->cipher_xform.cipher.key.length = CIPHER_KEY_LENGTH_AES_CBC;
210 /* Setup HMAC Parameters */
211 task->auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
212 task->auth_xform.next = &task->cipher_xform;
213 task->auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_VERIFY;
214 task->auth_xform.auth.algo = RTE_CRYPTO_AUTH_SHA1_HMAC;
215 task->auth_xform.auth.key.length = DIGEST_BYTE_LENGTH_SHA1;
216 task->auth_xform.auth.key.data = hmac_sha1_key;
217 task->auth_xform.auth.digest_length = DIGEST_BYTE_LENGTH_SHA1;
219 rte_cryptodev_queue_pair_setup(task->crypto_dev_id, 1, &ts_params->qp_conf, rte_cryptodev_socket_id(task->crypto_dev_id));
221 struct rte_cryptodev *dev;
222 dev = rte_cryptodev_pmd_get_dev(task->crypto_dev_id);
223 PROX_PANIC(dev->attached != RTE_CRYPTODEV_ATTACHED, "No DEC cryptodev attached\n");
225 ts_params->qp_conf.nb_descriptors = 128;
227 rte_cryptodev_stats_reset(task->crypto_dev_id);
229 task->sess = rte_cryptodev_sym_session_create(task->crypto_dev_id, &task->auth_xform);
230 PROX_PANIC(task->sess == NULL, "Failed to create DEC session\n");
232 rte_cryptodev_stats_reset(task->crypto_dev_id);
233 rte_cryptodev_start(task->crypto_dev_id);
236 for (i = 0; i < 16; i++) task->key[i] = i+2;
237 for (i = 0; i < 16; i++) task->iv[i] = i;
240 static uint8_t aes_cbc_iv[] = {
241 0xE4, 0x23, 0x33, 0x8A, 0x35, 0x64, 0x61, 0xE2,
242 0x49, 0x03, 0xDD, 0xC6, 0xB8, 0xCA, 0x55, 0x7A };
244 static inline uint8_t handle_esp_ah_enc(struct task_esp_enc *task, struct rte_mbuf *mbuf, struct rte_crypto_op *cop)
247 struct ether_hdr *peth = rte_pktmbuf_mtod(mbuf, struct ether_hdr *);
248 struct ipv4_hdr* pip4 = (struct ipv4_hdr *)(peth + 1);
249 uint16_t ipv4_length = rte_be_to_cpu_16(pip4->total_length);
250 struct rte_crypto_sym_op *sym_cop = get_sym_cop(cop);
252 if (unlikely((pip4->version_ihl >> 4) != 4)) {
253 plog_info("Received non IPv4 packet at esp enc %i\n", pip4->version_ihl);
254 plogdx_info(mbuf, "ENC RX: ");
257 if (pip4->time_to_live) {
258 pip4->time_to_live--;
261 plog_info("TTL = 0 => Dropping\n");
265 // Remove padding if any (we don't want to encapsulate garbage at end of IPv4 packet)
266 int l1 = rte_pktmbuf_pkt_len(mbuf);
267 int padding = l1 - (ipv4_length + sizeof(struct ether_hdr));
268 if (unlikely(padding > 0)) {
269 rte_pktmbuf_trim(mbuf, padding);
272 l1 = rte_pktmbuf_pkt_len(mbuf);
273 int encrypt_len = l1 - sizeof(struct ether_hdr) + 2; // According to RFC4303 table 1, encrypt len is ip+tfc_pad(o)+pad+pad len(1) + next header(1)
275 if ((encrypt_len & 0xf) != 0)
277 padding = 16 - (encrypt_len % 16);
278 encrypt_len += padding;
281 // Encapsulate, crypt in a separate buffer
282 const int extra_space = sizeof(struct ipv4_hdr) + 4 + 4 + CIPHER_IV_LENGTH_AES_CBC; // + new IP header, SPI, SN, IV
283 struct ether_addr src_mac = peth->s_addr;
284 struct ether_addr dst_mac = peth->d_addr;
285 uint32_t src_addr = pip4->src_addr;
286 uint32_t dst_addr = pip4->dst_addr;
287 uint8_t ttl = pip4->time_to_live;
288 uint8_t version_ihl = pip4->version_ihl;
290 peth = (struct ether_hdr *)rte_pktmbuf_prepend(mbuf, extra_space); // encap + prefix
291 peth = (struct ether_hdr *)rte_pktmbuf_append(mbuf, 0 + 1 + 1 + padding + 4 + DIGEST_BYTE_LENGTH_SHA1); // padding + pad_len + next_head + seqn + ICV pad + ICV
292 peth = rte_pktmbuf_mtod(mbuf, struct ether_hdr *);
293 l1 = rte_pktmbuf_pkt_len(mbuf);
294 peth->ether_type = ETYPE_IPv4;
296 //send it back for now
297 ether_addr_copy(&dst_mac, &peth->s_addr);//IS-srcmac-should get from if
298 ether_addr_copy(&src_mac, &peth->d_addr);//IS-dstmac-will be rewritten by arp
300 ether_addr_copy(&dst_mac, &peth->d_addr);
301 ether_addr_copy(&src_mac, &peth->s_addr);
304 pip4 = (struct ipv4_hdr *)(peth + 1);
305 pip4->src_addr = task->local_ipv4;
306 pip4->dst_addr = task->remote_ipv4;
307 pip4->time_to_live = ttl;
308 pip4->next_proto_id = IPPROTO_ESP; // 50 for ESP, ip in ip next proto trailer
309 pip4->version_ihl = version_ihl; // 20 bytes, ipv4
310 pip4->total_length = rte_cpu_to_be_16(ipv4_length + sizeof(struct ipv4_hdr) + 4 + 4 + CIPHER_IV_LENGTH_AES_CBC + padding + 1 + 1 + DIGEST_BYTE_LENGTH_SHA1); // iphdr+SPI+SN+IV+payload+padding+padlen+next header + crc + auth
311 pip4->packet_id = 0x0101;
312 pip4->type_of_service = 0;
313 pip4->time_to_live = 64;
314 prox_ip_cksum_sw(pip4);
316 // find the SA when there will be more than one
317 if (task->ipaddr == pip4->src_addr)
320 data = (u8*)(pip4 + 1);
321 *((u32*) data) = 0x2016; // FIXME SPI
322 *((u32*) data + 1) = 0x2; // FIXME SN
323 u8 *padl = (u8*)data + (8 + encrypt_len - 2 + CIPHER_IV_LENGTH_AES_CBC); // No ESN yet. (-2 means NH is crypted)
324 // padl += CIPHER_IV_LENGTH_AES_CBC;
326 *(padl + 1) = 4; // ipv4 in 4
328 // one key for them all for now
329 rte_crypto_op_attach_sym_session(cop, task->sess);
331 sym_cop->auth.digest.data = data + 8 + CIPHER_IV_LENGTH_AES_CBC + encrypt_len;
332 sym_cop->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(mbuf, (sizeof (struct ether_hdr) + sizeof(struct ipv4_hdr) + 8 + CIPHER_IV_LENGTH_AES_CBC + encrypt_len));
333 sym_cop->auth.digest.length = DIGEST_BYTE_LENGTH_SHA1;
335 sym_cop->cipher.iv.data = data + 8;
336 sym_cop->cipher.iv.phys_addr = rte_pktmbuf_mtophys(mbuf) + sizeof (struct ether_hdr) + sizeof(struct ipv4_hdr) + 4 + 4;
337 sym_cop->cipher.iv.length = CIPHER_IV_LENGTH_AES_CBC;
339 rte_memcpy(sym_cop->cipher.iv.data, aes_cbc_iv, CIPHER_IV_LENGTH_AES_CBC);
341 sym_cop->cipher.data.offset = sizeof (struct ether_hdr) + sizeof(struct ipv4_hdr) + 4 + 4 + CIPHER_IV_LENGTH_AES_CBC;
342 sym_cop->cipher.data.length = encrypt_len;
344 sym_cop->auth.data.offset = sizeof (struct ether_hdr) + sizeof(struct ipv4_hdr);
345 sym_cop->auth.data.length = 4 + 4 + CIPHER_IV_LENGTH_AES_CBC + encrypt_len ;// + 4;// FIXME
347 u8* m = rte_pktmbuf_mtod(mbuf, u8*);
349 plog_info("enc: auth.digest.data:%d cipher.iv.data:%d cipher.data.offset:%d auth.data.offset:%d\n", (u8*)sym_cop->auth.digest.data-m, (u8*)sym_cop->cipher.iv.data-m, sym_cop->cipher.data.offset, sym_cop->auth.data.offset);
352 sym_cop->m_src = mbuf;
353 //cop->type = RTE_CRYPTO_OP_TYPE_SYMMETRIC;
354 //cop->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED;
359 static inline uint8_t handle_esp_ah_dec(struct task_esp_dec *task, struct rte_mbuf *mbuf, struct rte_crypto_op *cop)
361 struct rte_crypto_sym_op *sym_cop = get_sym_cop(cop);
362 struct ether_hdr *peth = rte_pktmbuf_mtod(mbuf, struct ether_hdr *);
363 struct ipv4_hdr* pip4 = (struct ipv4_hdr *)(peth + 1);
364 uint16_t ipv4_length = rte_be_to_cpu_16(pip4->total_length);
365 u8 *data = (u8*)(pip4 + 1);
367 if (pip4->next_proto_id != IPPROTO_ESP)
369 plog_info("Received non ESP packet on esp dec\n");
370 plogdx_info(mbuf, "DEC RX: ");
373 if (task->ipaddr == pip4->src_addr)
377 rte_crypto_op_attach_sym_session(cop, task->sess);
379 sym_cop->auth.digest.data = (unsigned char *)((unsigned char*)pip4 + ipv4_length - DIGEST_BYTE_LENGTH_SHA1);
380 sym_cop->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(mbuf, sizeof (struct ether_hdr) + sizeof(struct ipv4_hdr) + 4 + 4); // FIXME
381 sym_cop->auth.digest.length = DIGEST_BYTE_LENGTH_SHA1;
383 sym_cop->cipher.iv.data = (uint8_t *)data + 8;
384 sym_cop->cipher.iv.phys_addr = rte_pktmbuf_mtophys(mbuf) + sizeof (struct ether_hdr) + sizeof(struct ipv4_hdr) + 4 + 4;
385 sym_cop->cipher.iv.length = CIPHER_IV_LENGTH_AES_CBC;
387 sym_cop->auth.data.offset = sizeof (struct ether_hdr) + sizeof(struct ipv4_hdr);
388 sym_cop->auth.data.length = ipv4_length - sizeof(struct ipv4_hdr) - 4 - CIPHER_IV_LENGTH_AES_CBC;
390 sym_cop->cipher.data.offset = sizeof (struct ether_hdr) + sizeof(struct ipv4_hdr) + 4 + 4 + CIPHER_IV_LENGTH_AES_CBC;
391 sym_cop->cipher.data.length = ipv4_length - sizeof(struct ipv4_hdr) - CIPHER_IV_LENGTH_AES_CBC - 28; // FIXME
394 u8* m = rte_pktmbuf_mtod(mbuf, u8*);
395 plog_info("dec: auth.digest.data:%d cipher.iv.data:%d cipher.data.offset:%d auth.data.offset:%d\n", (u8*)sym_cop->auth.digest.data-m, (u8*)sym_cop->cipher.iv.data-m, sym_cop->cipher.data.offset, sym_cop->auth.data.offset);
398 sym_cop->m_src = mbuf;
402 static inline void do_ipv4_swap(struct task_esp_dec *task, struct rte_mbuf *mbuf)
404 struct ether_hdr *peth = rte_pktmbuf_mtod(mbuf, struct ether_hdr *);
405 struct ether_addr src_mac = peth->s_addr;
406 struct ether_addr dst_mac = peth->d_addr;
407 uint32_t src_ip, dst_ip;
409 struct ipv4_hdr* pip4 = (struct ipv4_hdr *)(peth + 1);
410 src_ip = pip4->src_addr;
411 dst_ip = pip4->dst_addr;
413 //memcpy(&peth->s_addr, &prox_port_cfg[task->base.tx_params_hw.tx_port_queue->port].eth_addr, sizeof(struct ether_addr));
414 //peth->s_addr, dst_mac;
415 peth->d_addr = src_mac;//should be replaced by arp
416 pip4->src_addr = dst_ip;
417 pip4->dst_addr = src_ip;
420 static inline uint8_t handle_esp_ah_dec_finish(struct task_esp_dec *task, struct rte_mbuf *mbuf)
422 struct ether_hdr *peth = rte_pktmbuf_mtod(mbuf, struct ether_hdr *);
423 rte_memcpy(((u8*)peth) + sizeof (struct ether_hdr), ((u8*)peth) + sizeof (struct ether_hdr) +
424 + sizeof(struct ipv4_hdr) + 4 + 4 + CIPHER_IV_LENGTH_AES_CBC, sizeof(struct ipv4_hdr));// next hdr, padding
425 struct ipv4_hdr* pip4 = (struct ipv4_hdr *)(peth + 1);
427 if (unlikely((pip4->version_ihl >> 4) != 4)) {
428 plog_info("non IPv4 packet after esp dec %i\n", pip4->version_ihl);
429 plogdx_info(mbuf, "DEC TX: ");
432 if (pip4->time_to_live) {
433 pip4->time_to_live--;
436 plog_info("TTL = 0 => Dropping\n");
439 uint16_t ipv4_length = rte_be_to_cpu_16(pip4->total_length);
440 rte_memcpy(((u8*)peth) + sizeof (struct ether_hdr) + sizeof(struct ipv4_hdr),
441 ((u8*)peth) + sizeof (struct ether_hdr) +
442 + 2 * sizeof(struct ipv4_hdr) + 4 + 4 + CIPHER_IV_LENGTH_AES_CBC, ipv4_length - sizeof(struct ipv4_hdr));
444 int len = rte_pktmbuf_pkt_len(mbuf);
445 rte_pktmbuf_trim(mbuf, len - sizeof (struct ether_hdr) - ipv4_length);
446 prox_ip_cksum_sw(pip4);
447 peth = rte_pktmbuf_mtod(mbuf, struct ether_hdr *);
450 do_ipv4_swap(task, mbuf);
452 // one key for them all for now
454 // struct crypto_aes_ctx ctx;
455 // ctx.iv = (u8*)&iv_onstack;
456 // *((u32*)ctx.iv) = *((u32*)data + 2);
457 // aes_set_key(&ctx, task->key, 16);//
459 // result = ctr_crypt(&ctx, dest, data + 12, len);//
460 // memcpy(pip4, dest, len);
465 static int handle_esp_enc_bulk(struct task_base *tbase, struct rte_mbuf **mbufs, uint16_t n_pkts)
467 struct task_esp_enc *task = (struct task_esp_enc *)tbase;
468 struct crypto_testsuite_params *ts_params = &testsuite_params;
469 uint8_t out[MAX_PKT_BURST];
470 uint16_t i = 0, nb_rx = 0, j = 0;
472 if (rte_crypto_op_bulk_alloc( ts_params->mbuf_ol_pool_enc,
473 RTE_CRYPTO_OP_TYPE_SYMMETRIC,
474 task->ops_burst, n_pkts) != n_pkts) {
476 PROX_PANIC(1, "Failed to allocate ENC crypto operations\n");
479 for (uint16_t j = 0; j < n_pkts; ++j) {
480 out[j] = handle_esp_ah_enc(task, mbufs[j], task->ops_burst[j]);
483 if (rte_cryptodev_enqueue_burst(task->crypto_dev_id, 0, task->ops_burst, n_pkts) != n_pkts) {
484 plog_info("Error enc enqueue_burst\n");
488 //do not call rte_cryptodev_dequeue_burst() on already dequeued packets
489 //otherwise handle_completed_jobs() screws up the content of the ops_burst array!
491 nb_rx = rte_cryptodev_dequeue_burst(
492 task->crypto_dev_id, 0,// FIXME AK
493 task->ops_burst+i, n_pkts-i);
495 } while (i < n_pkts);
498 for (j = 0; j < n_pkts; j++) {
500 u8* m = rte_pktmbuf_mtod(mbufs[j], u8*);
501 //u32 l = rte_pktmbuf_pkt_len(mbuf);
502 bin2hexstr(s_out, (const char*)m+106, DIGEST_BYTE_LENGTH_SHA1);
503 plog_info("%d status:%d digest:%s\n", j, task->ops_burst[j]->status, s_out);
506 for (j = 0; j < n_pkts; j++) {
507 rte_crypto_op_free(task->ops_burst[j]);
510 return task->base.tx_pkt(&task->base, mbufs, n_pkts, out);
513 static int handle_esp_dec_bulk(struct task_base *tbase, struct rte_mbuf **mbufs, uint16_t n_pkts)
515 struct task_esp_dec *task = (struct task_esp_dec *)tbase;
516 struct crypto_testsuite_params *ts_params = &testsuite_params;
517 uint8_t out[MAX_PKT_BURST];
518 uint16_t j, nb_dec=0, nb_rx=0;
520 if (rte_crypto_op_bulk_alloc(
521 ts_params->mbuf_ol_pool_dec,
522 RTE_CRYPTO_OP_TYPE_SYMMETRIC,
523 task->ops_burst, n_pkts) !=
526 PROX_PANIC(1, "Failed to allocate DEC crypto operations\n");
529 for (j = 0; j < n_pkts; ++j) {
530 out[j] = handle_esp_ah_dec(task, mbufs[j], task->ops_burst[nb_dec]);
531 if (out[j] != OUT_DISCARD)
535 if (rte_cryptodev_enqueue_burst(task->crypto_dev_id, 1, task->ops_burst, nb_dec) != nb_dec) {
536 plog_info("Error dec enqueue_burst\n");
542 nb_rx = rte_cryptodev_dequeue_burst(task->crypto_dev_id, 1,// FIXME AK
543 task->ops_burst+j, nb_dec-j);
545 } while (j < nb_dec);
546 //plog_info("==dequeue n_pkts=%d\n", n_pkts);
547 for (j = 0; j < nb_dec; ++j) {
548 //if (out[j]) continue;//was not queued
549 if (task->ops_burst[j]->status != RTE_CRYPTO_OP_STATUS_SUCCESS){
550 plog_info("err: task->ops_burst[%d].status=%d\n", j, task->ops_burst[j]->status);
551 //!!!TODO!!! find mbuf and discard it!!!
552 //for now just send it further
553 //plogdx_info(mbufs[j], "RX: ");
555 if (task->ops_burst[j]->status == RTE_CRYPTO_OP_STATUS_SUCCESS) {
556 struct rte_mbuf *mbuf = task->ops_burst[j]->sym->m_src;
557 handle_esp_ah_dec_finish(task, mbuf);//TODO set out[j] properly
558 //plog_info("%d ", j);
561 //plog_info("====\n");
563 for (j = 0; j < n_pkts; j++) {
564 rte_crypto_op_free(task->ops_burst[j]);
567 return task->base.tx_pkt(&task->base, mbufs, n_pkts, out);
570 struct task_init task_init_esp_enc = {
572 .mode_str = "esp_enc",
573 .init = init_task_esp_enc,
574 .handle = handle_esp_enc_bulk,
575 .size = sizeof(struct task_esp_enc)
578 struct task_init task_init_esp_dec = {
580 .mode_str = "esp_dec",
581 .init = init_task_esp_dec,
582 .handle = handle_esp_dec_bulk,
583 .size = sizeof(struct task_esp_dec)
586 __attribute__((constructor)) static void reg_task_esp_enc(void)
588 reg_task(&task_init_esp_enc);
591 __attribute__((constructor)) static void reg_task_esp_dec(void)
593 reg_task(&task_init_esp_dec);