src/vnet/crypto/crypto.h

   1 /*
   2  * Copyright (c) 2019 Cisco and/or its affiliates.
   3  * Licensed under the Apache License, Version 2.0 (the "License");
   4  * you may not use this file except in compliance with the License.
   5  * You may obtain a copy of the License at:
   6  *
   7  *     http://www.apache.org/licenses/LICENSE-2.0
   8  *
   9  * Unless required by applicable law or agreed to in writing, software
  10  * distributed under the License is distributed on an "AS IS" BASIS,
  11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  12  * See the License for the specific language governing permissions and
  13  * limitations under the License.
  14  */
  15
  16 #ifndef included_vnet_crypto_crypto_h
  17 #define included_vnet_crypto_crypto_h
  18
  19 #include <vlib/vlib.h>
  20
  21 #define VNET_CRYPTO_FRAME_SIZE 32
  22
  23 /* CRYPTO_ID, PRETTY_NAME, KEY_LENGTH_IN_BYTES */
  24 #define foreach_crypto_cipher_alg \
  25   _(DES_CBC,     "des-cbc", 7) \
  26   _(3DES_CBC,    "3des-cbc", 24) \
  27   _(AES_128_CBC, "aes-128-cbc", 16) \
  28   _(AES_192_CBC, "aes-192-cbc", 24) \
  29   _(AES_256_CBC, "aes-256-cbc", 32) \
  30   _(AES_128_CTR, "aes-128-ctr", 16) \
  31   _(AES_192_CTR, "aes-192-ctr", 24) \
  32   _(AES_256_CTR, "aes-256-ctr", 32)
  33
  34 /* CRYPTO_ID, PRETTY_NAME, KEY_LENGTH_IN_BYTES */
  35 #define foreach_crypto_aead_alg \
  36   _(AES_128_GCM, "aes-128-gcm", 16) \
  37   _(AES_192_GCM, "aes-192-gcm", 24) \
  38   _(AES_256_GCM, "aes-256-gcm", 32) \
  39   _(CHACHA20_POLY1305, "chacha20-poly1305", 32)
  40
  41 #define foreach_crypto_hmac_alg \
  42   _(MD5, "md5") \
  43   _(SHA1, "sha-1") \
  44   _(SHA224, "sha-224")  \
  45   _(SHA256, "sha-256")  \
  46   _(SHA384, "sha-384")  \
  47   _(SHA512, "sha-512")
  48
  49 #define foreach_crypto_op_type \
  50   _(ENCRYPT, "encrypt") \
  51   _(DECRYPT, "decrypt") \
  52   _(AEAD_ENCRYPT, "aead-encrypt") \
  53   _(AEAD_DECRYPT, "aead-decrypt") \
  54   _(HMAC, "hmac")
  55
  56 typedef enum
  57 {
  58 #define _(n, s) VNET_CRYPTO_OP_TYPE_##n,
  59   foreach_crypto_op_type
  60 #undef _
  61     VNET_CRYPTO_OP_N_TYPES,
  62 } vnet_crypto_op_type_t;
  63
  64 #define foreach_crypto_op_status \
  65   _(IDLE, "idle") \
  66   _(PENDING, "pending") \
  67   _(WORK_IN_PROGRESS, "work-in-progress") \
  68   _(COMPLETED, "completed") \
  69   _(FAIL_NO_HANDLER, "no-handler") \
  70   _(FAIL_BAD_HMAC, "bad-hmac") \
  71   _(FAIL_ENGINE_ERR, "engine-error")
  72
  73 /** async crypto **/
  74
  75 /* CRYPTO_ID, PRETTY_NAME, KEY_LENGTH_IN_BYTES, TAG_LEN, AAD_LEN */
  76 #define foreach_crypto_aead_async_alg \
  77   _(AES_128_GCM, "aes-128-gcm-aad8", 16, 16, 8) \
  78   _(AES_128_GCM, "aes-128-gcm-aad12", 16, 16, 12) \
  79   _(AES_192_GCM, "aes-192-gcm-aad8", 24, 16, 8) \
  80   _(AES_192_GCM, "aes-192-gcm-aad12", 24, 16, 12) \
  81   _(AES_256_GCM, "aes-256-gcm-aad8", 32, 16, 8) \
  82   _(AES_256_GCM, "aes-256-gcm-aad12", 32, 16, 12) \
  83   _(CHACHA20_POLY1305, "chacha20-poly1305-aad8", 32, 16, 8) \
  84   _(CHACHA20_POLY1305, "chacha20-poly1305-aad12", 32, 16, 12)
  85
  86 /* CRYPTO_ID, INTEG_ID, PRETTY_NAME, KEY_LENGTH_IN_BYTES, DIGEST_LEN */
  87 #define foreach_crypto_link_async_alg \
  88   _ (AES_128_CBC, SHA1, "aes-128-cbc-hmac-sha-1", 16, 12) \
  89   _ (AES_192_CBC, SHA1, "aes-192-cbc-hmac-sha-1", 24, 12) \
  90   _ (AES_256_CBC, SHA1, "aes-256-cbc-hmac-sha-1", 32, 12) \
  91   _ (AES_128_CBC, SHA224, "aes-128-cbc-hmac-sha-224", 16, 14) \
  92   _ (AES_192_CBC, SHA224, "aes-192-cbc-hmac-sha-224", 24, 14) \
  93   _ (AES_256_CBC, SHA224, "aes-256-cbc-hmac-sha-224", 32, 14) \
  94   _ (AES_128_CBC, SHA256, "aes-128-cbc-hmac-sha-256", 16, 16) \
  95   _ (AES_192_CBC, SHA256, "aes-192-cbc-hmac-sha-256", 24, 16) \
  96   _ (AES_256_CBC, SHA256, "aes-256-cbc-hmac-sha-256", 32, 16) \
  97   _ (AES_128_CBC, SHA384, "aes-128-cbc-hmac-sha-384", 16, 24) \
  98   _ (AES_192_CBC, SHA384, "aes-192-cbc-hmac-sha-384", 24, 24) \
  99   _ (AES_256_CBC, SHA384, "aes-256-cbc-hmac-sha-384", 32, 24) \
 100   _ (AES_128_CBC, SHA512, "aes-128-cbc-hmac-sha-512", 16, 32) \
 101   _ (AES_192_CBC, SHA512, "aes-192-cbc-hmac-sha-512", 24, 32) \
 102   _ (AES_256_CBC, SHA512, "aes-256-cbc-hmac-sha-512", 32, 32)
 103
 104 #define foreach_crypto_async_op_type \
 105   _(ENCRYPT, "async-encrypt") \
 106   _(DECRYPT, "async-decrypt")
 107
 108 typedef enum
 109 {
 110   VNET_CRYPTO_KEY_OP_ADD,
 111   VNET_CRYPTO_KEY_OP_DEL,
 112   VNET_CRYPTO_KEY_OP_MODIFY,
 113 } vnet_crypto_key_op_t;
 114
 115 typedef enum
 116 {
 117 #define _(n, s) VNET_CRYPTO_OP_STATUS_##n,
 118   foreach_crypto_op_status
 119 #undef _
 120     VNET_CRYPTO_OP_N_STATUS,
 121 } vnet_crypto_op_status_t;
 122
 123 /* *INDENT-OFF* */
 124 typedef enum
 125 {
 126   VNET_CRYPTO_ALG_NONE = 0,
 127 #define _(n, s, l) VNET_CRYPTO_ALG_##n,
 128   foreach_crypto_cipher_alg
 129   foreach_crypto_aead_alg
 130 #undef _
 131 #define _(n, s) VNET_CRYPTO_ALG_HMAC_##n,
 132   foreach_crypto_hmac_alg
 133 #undef _
 134   VNET_CRYPTO_N_ALGS,
 135 } vnet_crypto_alg_t;
 136
 137 typedef enum
 138 {
 139 #define _(n, s) VNET_CRYPTO_ASYNC_OP_TYPE_##n,
 140   foreach_crypto_async_op_type
 141 #undef _
 142     VNET_CRYPTO_ASYNC_OP_N_TYPES,
 143 } vnet_crypto_async_op_type_t;
 144
 145 typedef enum
 146 {
 147   VNET_CRYPTO_ASYNC_ALG_NONE = 0,
 148 #define _(n, s, k, t, a) \
 149   VNET_CRYPTO_ALG_##n##_TAG##t##_AAD##a,
 150   foreach_crypto_aead_async_alg
 151 #undef _
 152 #define _(c, h, s, k ,d) \
 153   VNET_CRYPTO_ALG_##c##_##h##_TAG##d,
 154   foreach_crypto_link_async_alg
 155 #undef _
 156   VNET_CRYPTO_N_ASYNC_ALGS,
 157 } vnet_crypto_async_alg_t;
 158
 159 typedef enum
 160 {
 161   VNET_CRYPTO_ASYNC_OP_NONE = 0,
 162 #define _(n, s, k, t, a) \
 163   VNET_CRYPTO_OP_##n##_TAG##t##_AAD##a##_ENC, \
 164   VNET_CRYPTO_OP_##n##_TAG##t##_AAD##a##_DEC,
 165   foreach_crypto_aead_async_alg
 166 #undef _
 167 #define _(c, h, s, k ,d) \
 168   VNET_CRYPTO_OP_##c##_##h##_TAG##d##_ENC, \
 169   VNET_CRYPTO_OP_##c##_##h##_TAG##d##_DEC,
 170   foreach_crypto_link_async_alg
 171 #undef _
 172   VNET_CRYPTO_ASYNC_OP_N_IDS,
 173 } vnet_crypto_async_op_id_t;
 174
 175 typedef struct
 176 {
 177   union
 178   {
 179     struct
 180     {
 181       u8 *data;
 182       vnet_crypto_alg_t alg:8;
 183     };
 184     struct
 185     {
 186       u32 index_crypto;
 187       u32 index_integ;
 188       vnet_crypto_async_alg_t async_alg:8;
 189     };
 190   };
 191 #define VNET_CRYPTO_KEY_TYPE_DATA 0
 192 #define VNET_CRYPTO_KEY_TYPE_LINK 1
 193   u8 type;
 194 } vnet_crypto_key_t;
 195
 196 typedef enum
 197 {
 198   VNET_CRYPTO_OP_NONE = 0,
 199 #define _(n, s, l) VNET_CRYPTO_OP_##n##_ENC, VNET_CRYPTO_OP_##n##_DEC,
 200   foreach_crypto_cipher_alg
 201   foreach_crypto_aead_alg
 202 #undef _
 203 #define _(n, s) VNET_CRYPTO_OP_##n##_HMAC,
 204  foreach_crypto_hmac_alg
 205 #undef _
 206     VNET_CRYPTO_N_OP_IDS,
 207 } vnet_crypto_op_id_t;
 208 /* *INDENT-ON* */
 209
 210
 211 typedef enum
 212 {
 213   CRYPTO_OP_SIMPLE,
 214   CRYPTO_OP_CHAINED,
 215   CRYPTO_OP_BOTH,
 216 } crypto_op_class_type_t;
 217
 218 typedef struct
 219 {
 220   char *name;
 221   vnet_crypto_op_id_t op_by_type[VNET_CRYPTO_OP_N_TYPES];
 222 } vnet_crypto_alg_data_t;
 223
 224 typedef struct
 225 {
 226   u8 *src;
 227   u8 *dst;
 228   u32 len;
 229 } vnet_crypto_op_chunk_t;
 230
 231 typedef struct
 232 {
 233   CLIB_CACHE_LINE_ALIGN_MARK (cacheline0);
 234   uword user_data;
 235   vnet_crypto_op_id_t op:16;
 236   vnet_crypto_op_status_t status:8;
 237   u8 flags;
 238 #define VNET_CRYPTO_OP_FLAG_INIT_IV (1 << 0)
 239 #define VNET_CRYPTO_OP_FLAG_HMAC_CHECK (1 << 1)
 240 #define VNET_CRYPTO_OP_FLAG_CHAINED_BUFFERS (1 << 2)
 241
 242   union
 243   {
 244     u8 digest_len;
 245     u8 tag_len;
 246   };
 247   u16 aad_len;
 248
 249   union
 250   {
 251     struct
 252     {
 253       u8 *src;
 254       u8 *dst;
 255     };
 256
 257     /* valid if VNET_CRYPTO_OP_FLAG_CHAINED_BUFFERS is set */
 258     u16 n_chunks;
 259   };
 260
 261   union
 262   {
 263     u32 len;
 264     /* valid if VNET_CRYPTO_OP_FLAG_CHAINED_BUFFERS is set */
 265     u32 chunk_index;
 266   };
 267
 268   u32 key_index;
 269   u8 *iv;
 270   u8 *aad;
 271
 272   union
 273   {
 274     u8 *tag;
 275     u8 *digest;
 276   };
 277 } vnet_crypto_op_t;
 278
 279 STATIC_ASSERT_SIZEOF (vnet_crypto_op_t, CLIB_CACHE_LINE_BYTES);
 280
 281 typedef struct
 282 {
 283   vnet_crypto_op_type_t type;
 284   vnet_crypto_alg_t alg;
 285   u32 active_engine_index_simple;
 286   u32 active_engine_index_chained;
 287 } vnet_crypto_op_data_t;
 288
 289 typedef struct
 290 {
 291   vnet_crypto_async_op_type_t type;
 292   vnet_crypto_async_alg_t alg;
 293   u32 active_engine_index_async;
 294 } vnet_crypto_async_op_data_t;
 295
 296 typedef struct
 297 {
 298   char *name;
 299   vnet_crypto_async_op_id_t op_by_type[VNET_CRYPTO_ASYNC_OP_N_TYPES];
 300 } vnet_crypto_async_alg_data_t;
 301
 302 typedef struct
 303 {
 304   vnet_crypto_op_status_t status:8;
 305   u32 key_index;
 306   i16 crypto_start_offset;      /* first buffer offset */
 307   i16 integ_start_offset;
 308   u32 crypto_total_length;
 309   /* adj total_length for integ, e.g.4 bytes for IPSec ESN */
 310   u16 integ_length_adj;
 311   u8 *iv;
 312   union
 313   {
 314     u8 *digest;
 315     u8 *tag;
 316   };
 317   u8 *aad;
 318   u8 flags; /**< share same VNET_CRYPTO_OP_FLAG_* values */
 319 } vnet_crypto_async_frame_elt_t;
 320
 321 typedef struct
 322 {
 323   CLIB_CACHE_LINE_ALIGN_MARK (cacheline0);
 324 #define VNET_CRYPTO_FRAME_STATE_NOT_PROCESSED 0
 325 #define VNET_CRYPTO_FRAME_STATE_WORK_IN_PROGRESS 1
 326 #define VNET_CRYPTO_FRAME_STATE_SUCCESS 2
 327 #define VNET_CRYPTO_FRAME_STATE_ELT_ERROR 3
 328   u8 state;
 329   vnet_crypto_async_op_id_t op:8;
 330   u16 n_elts;
 331   vnet_crypto_async_frame_elt_t elts[VNET_CRYPTO_FRAME_SIZE];
 332   u32 buffer_indices[VNET_CRYPTO_FRAME_SIZE];
 333   u16 next_node_index[VNET_CRYPTO_FRAME_SIZE];
 334 } vnet_crypto_async_frame_t;
 335
 336 typedef struct
 337 {
 338   CLIB_CACHE_LINE_ALIGN_MARK (cacheline0);
 339   vnet_crypto_async_frame_t *frames[VNET_CRYPTO_ASYNC_OP_N_IDS];
 340   vnet_crypto_async_frame_t *frame_pool;
 341   u32 *buffer_indice;
 342   u16 *nexts;
 343 } vnet_crypto_thread_t;
 344
 345 typedef u32 vnet_crypto_key_index_t;
 346
 347 typedef u32 (vnet_crypto_chained_ops_handler_t) (vlib_main_t * vm,
 348                                                  vnet_crypto_op_t * ops[],
 349                                                  vnet_crypto_op_chunk_t *
 350                                                  chunks, u32 n_ops);
 351
 352 typedef u32 (vnet_crypto_ops_handler_t) (vlib_main_t * vm,
 353                                          vnet_crypto_op_t * ops[], u32 n_ops);
 354
 355 typedef void (vnet_crypto_key_handler_t) (vlib_main_t * vm,
 356                                           vnet_crypto_key_op_t kop,
 357                                           vnet_crypto_key_index_t idx);
 358
 359 /** async crypto function handlers **/
 360 typedef int (vnet_crypto_frame_enqueue_t) (vlib_main_t * vm,
 361                                            vnet_crypto_async_frame_t * frame);
 362 typedef vnet_crypto_async_frame_t *
 363   (vnet_crypto_frame_dequeue_t) (vlib_main_t * vm);
 364
 365 u32 vnet_crypto_register_engine (vlib_main_t * vm, char *name, int prio,
 366                                  char *desc);
 367
 368 void vnet_crypto_register_ops_handler (vlib_main_t * vm, u32 engine_index,
 369                                        vnet_crypto_op_id_t opt,
 370                                        vnet_crypto_ops_handler_t * oph);
 371
 372 void vnet_crypto_register_chained_ops_handler (vlib_main_t * vm,
 373                                                u32 engine_index,
 374                                                vnet_crypto_op_id_t opt,
 375                                                vnet_crypto_chained_ops_handler_t
 376                                                * oph);
 377
 378 void vnet_crypto_register_ops_handlers (vlib_main_t * vm, u32 engine_index,
 379                                         vnet_crypto_op_id_t opt,
 380                                         vnet_crypto_ops_handler_t * fn,
 381                                         vnet_crypto_chained_ops_handler_t *
 382                                         cfn);
 383
 384 void vnet_crypto_register_key_handler (vlib_main_t * vm, u32 engine_index,
 385                                        vnet_crypto_key_handler_t * keyh);
 386
 387 /** async crypto register functions */
 388 u32 vnet_crypto_register_post_node (vlib_main_t * vm, char *post_node_name);
 389 void vnet_crypto_register_async_handler (vlib_main_t * vm,
 390                                          u32 engine_index,
 391                                          vnet_crypto_async_op_id_t opt,
 392                                          vnet_crypto_frame_enqueue_t * enq_fn,
 393                                          vnet_crypto_frame_dequeue_t *
 394                                          deq_fn);
 395
 396 typedef struct
 397 {
 398   char *name;
 399   char *desc;
 400   int priority;
 401   vnet_crypto_key_handler_t *key_op_handler;
 402   vnet_crypto_ops_handler_t *ops_handlers[VNET_CRYPTO_N_OP_IDS];
 403     vnet_crypto_chained_ops_handler_t
 404     * chained_ops_handlers[VNET_CRYPTO_N_OP_IDS];
 405   vnet_crypto_frame_enqueue_t *enqueue_handlers[VNET_CRYPTO_ASYNC_OP_N_IDS];
 406   vnet_crypto_frame_dequeue_t *dequeue_handlers[VNET_CRYPTO_ASYNC_OP_N_IDS];
 407 } vnet_crypto_engine_t;
 408
 409 typedef struct
 410 {
 411   u32 node_idx;
 412   u32 next_idx;
 413 } vnet_crypto_async_next_node_t;
 414
 415 typedef struct
 416 {
 417   vnet_crypto_alg_data_t *algs;
 418   vnet_crypto_thread_t *threads;
 419   vnet_crypto_ops_handler_t **ops_handlers;
 420   vnet_crypto_chained_ops_handler_t **chained_ops_handlers;
 421   vnet_crypto_frame_enqueue_t **enqueue_handlers;
 422   vnet_crypto_frame_dequeue_t **dequeue_handlers;
 423   clib_bitmap_t *async_active_ids;
 424   vnet_crypto_op_data_t opt_data[VNET_CRYPTO_N_OP_IDS];
 425   vnet_crypto_async_op_data_t async_opt_data[VNET_CRYPTO_ASYNC_OP_N_IDS];
 426   vnet_crypto_engine_t *engines;
 427   vnet_crypto_key_t *keys;
 428   uword *engine_index_by_name;
 429   uword *alg_index_by_name;
 430   uword *async_alg_index_by_name;
 431   vnet_crypto_async_alg_data_t *async_algs;
 432   u32 async_refcnt;
 433   vnet_crypto_async_next_node_t *next_nodes;
 434 } vnet_crypto_main_t;
 435
 436 extern vnet_crypto_main_t crypto_main;
 437
 438 u32 vnet_crypto_process_chained_ops (vlib_main_t * vm, vnet_crypto_op_t ops[],
 439                                      vnet_crypto_op_chunk_t * chunks,
 440                                      u32 n_ops);
 441 u32 vnet_crypto_process_ops (vlib_main_t * vm, vnet_crypto_op_t ops[],
 442                              u32 n_ops);
 443
 444
 445 int vnet_crypto_set_handler2 (char *ops_handler_name, char *engine,
 446                               crypto_op_class_type_t oct);
 447 int vnet_crypto_is_set_handler (vnet_crypto_alg_t alg);
 448
 449 u32 vnet_crypto_key_add (vlib_main_t * vm, vnet_crypto_alg_t alg,
 450                          u8 * data, u16 length);
 451 void vnet_crypto_key_del (vlib_main_t * vm, vnet_crypto_key_index_t index);
 452
 453 /**
 454  * Use 2 created keys to generate new key for linked algs (cipher + integ)
 455  * The returned key index is to be used for linked alg only.
 456  **/
 457 u32 vnet_crypto_key_add_linked (vlib_main_t * vm,
 458                                 vnet_crypto_key_index_t index_crypto,
 459                                 vnet_crypto_key_index_t index_integ);
 460
 461 clib_error_t *crypto_dispatch_enable_disable (int is_enable);
 462
 463 int vnet_crypto_set_async_handler2 (char *alg_name, char *engine);
 464
 465 int vnet_crypto_is_set_async_handler (vnet_crypto_async_op_id_t opt);
 466
 467 void vnet_crypto_request_async_mode (int is_enable);
 468
 469 vnet_crypto_async_alg_t vnet_crypto_link_algs (vnet_crypto_alg_t crypto_alg,
 470                                                vnet_crypto_alg_t integ_alg);
 471
 472 clib_error_t *crypto_dispatch_enable_disable (int is_enable);
 473
 474 format_function_t format_vnet_crypto_alg;
 475 format_function_t format_vnet_crypto_engine;
 476 format_function_t format_vnet_crypto_op;
 477 format_function_t format_vnet_crypto_op_type;
 478 format_function_t format_vnet_crypto_op_status;
 479 unformat_function_t unformat_vnet_crypto_alg;
 480
 481 format_function_t format_vnet_crypto_async_op;
 482 format_function_t format_vnet_crypto_async_alg;
 483 format_function_t format_vnet_crypto_async_op_type;
 484
 485 static_always_inline void
 486 vnet_crypto_op_init (vnet_crypto_op_t * op, vnet_crypto_op_id_t type)
 487 {
 488   if (CLIB_DEBUG > 0)
 489     clib_memset (op, 0xfe, sizeof (*op));
 490   op->op = type;
 491   op->flags = 0;
 492   op->key_index = ~0;
 493   op->n_chunks = 0;
 494 }
 495
 496 static_always_inline vnet_crypto_op_type_t
 497 vnet_crypto_get_op_type (vnet_crypto_op_id_t id)
 498 {
 499   vnet_crypto_main_t *cm = &crypto_main;
 500   ASSERT (id < VNET_CRYPTO_N_OP_IDS);
 501   vnet_crypto_op_data_t *od = cm->opt_data + id;
 502   return od->type;
 503 }
 504
 505 static_always_inline vnet_crypto_key_t *
 506 vnet_crypto_get_key (vnet_crypto_key_index_t index)
 507 {
 508   vnet_crypto_main_t *cm = &crypto_main;
 509   return vec_elt_at_index (cm->keys, index);
 510 }
 511
 512 static_always_inline int
 513 vnet_crypto_set_handler (char *alg_name, char *engine)
 514 {
 515   return vnet_crypto_set_handler2 (alg_name, engine, CRYPTO_OP_BOTH);
 516 }
 517
 518 /** async crypto inline functions **/
 519
 520 static_always_inline vnet_crypto_async_frame_t *
 521 vnet_crypto_async_get_frame (vlib_main_t * vm, vnet_crypto_async_op_id_t opt)
 522 {
 523   vnet_crypto_main_t *cm = &crypto_main;
 524   vnet_crypto_thread_t *ct = cm->threads + vm->thread_index;
 525   vnet_crypto_async_frame_t *f = ct->frames[opt];
 526
 527   if (!f)
 528     {
 529       pool_get_aligned (ct->frame_pool, f, CLIB_CACHE_LINE_BYTES);
 530       if (CLIB_DEBUG > 0)
 531         clib_memset (f, 0xfe, sizeof (*f));
 532       f->state = VNET_CRYPTO_FRAME_STATE_NOT_PROCESSED;
 533       f->op = opt;
 534       f->n_elts = 0;
 535       ct->frames[opt] = f;
 536     }
 537   return f;
 538 }
 539
 540 static_always_inline void
 541 vnet_crypto_async_free_frame (vlib_main_t * vm,
 542                               vnet_crypto_async_frame_t * frame)
 543 {
 544   vnet_crypto_main_t *cm = &crypto_main;
 545   vnet_crypto_thread_t *ct = cm->threads + vm->thread_index;
 546   pool_put (ct->frame_pool, frame);
 547 }
 548
 549 static_always_inline int
 550 vnet_crypto_async_submit_open_frame (vlib_main_t * vm,
 551                                      vnet_crypto_async_frame_t * frame)
 552 {
 553   vnet_crypto_main_t *cm = &crypto_main;
 554   vnet_crypto_thread_t *ct = cm->threads + vm->thread_index;
 555   vnet_crypto_async_op_id_t opt = frame->op;
 556   int ret = (cm->enqueue_handlers[frame->op]) (vm, frame);
 557   clib_bitmap_set_no_check (cm->async_active_ids, opt, 1);
 558   if (PREDICT_TRUE (ret == 0))
 559     {
 560       vnet_crypto_async_frame_t *nf = 0;
 561       frame->state = VNET_CRYPTO_FRAME_STATE_WORK_IN_PROGRESS;
 562       pool_get_aligned (ct->frame_pool, nf, CLIB_CACHE_LINE_BYTES);
 563       if (CLIB_DEBUG > 0)
 564         clib_memset (nf, 0xfe, sizeof (*nf));
 565       nf->state = VNET_CRYPTO_FRAME_STATE_NOT_PROCESSED;
 566       nf->op = opt;
 567       nf->n_elts = 0;
 568       ct->frames[opt] = nf;
 569     }
 570   return ret;
 571 }
 572
 573 static_always_inline int
 574 vnet_crypto_async_add_to_frame (vlib_main_t * vm,
 575                                 vnet_crypto_async_frame_t ** frame,
 576                                 u32 key_index,
 577                                 u32 crypto_len, i16 integ_len_adj,
 578                                 i16 crypto_start_offset,
 579                                 u16 integ_start_offset,
 580                                 u32 buffer_index,
 581                                 u16 next_node,
 582                                 u8 * iv, u8 * tag, u8 * aad, u8 flags)
 583 {
 584   vnet_crypto_async_frame_t *f = *frame;
 585   vnet_crypto_async_frame_elt_t *fe;
 586   u16 index;
 587
 588   if (PREDICT_FALSE (f->n_elts == VNET_CRYPTO_FRAME_SIZE))
 589     {
 590       vnet_crypto_async_op_id_t opt = f->op;
 591       int ret;
 592       ret = vnet_crypto_async_submit_open_frame (vm, f);
 593       if (PREDICT_FALSE (ret < 0))
 594         return -1;
 595       f = vnet_crypto_async_get_frame (vm, opt);
 596       *frame = f;
 597     }
 598
 599   index = f->n_elts;
 600   fe = &f->elts[index];
 601   f->n_elts++;
 602   fe->key_index = key_index;
 603   fe->crypto_total_length = crypto_len;
 604   fe->crypto_start_offset = crypto_start_offset;
 605   fe->integ_start_offset = integ_start_offset;
 606   fe->integ_length_adj = integ_len_adj;
 607   fe->iv = iv;
 608   fe->tag = tag;
 609   fe->aad = aad;
 610   fe->flags = flags;
 611   f->buffer_indices[index] = buffer_index;
 612   f->next_node_index[index] = next_node;
 613
 614   return 0;
 615 }
 616
 617 static_always_inline void
 618 vnet_crypto_async_reset_frame (vnet_crypto_async_frame_t * f)
 619 {
 620   vnet_crypto_async_op_id_t opt;
 621   ASSERT (f != 0);
 622   ASSERT (f->state == VNET_CRYPTO_FRAME_STATE_NOT_PROCESSED);
 623   opt = f->op;
 624   if (CLIB_DEBUG > 0)
 625     clib_memset (f, 0xfe, sizeof (*f));
 626   f->state = VNET_CRYPTO_FRAME_STATE_NOT_PROCESSED;
 627   f->op = opt;
 628   f->n_elts = 0;
 629 }
 630
 631 #endif /* included_vnet_crypto_crypto_h */
 632
 633 /*
 634  * fd.io coding-style-patch-verification: ON
 635  *
 636  * Local Variables:
 637  * eval: (c-set-style "gnu")
 638  * End:
 639  */