[dpdk-dev] [RFC PATCH 3/5] rte_security: updates and enabled security operations for ethdev
Akhil Goyal
akhil.goyal at nxp.com
Tue Aug 29 15:19:59 CEST 2017
Hi Radu,
On 8/29/2017 6:43 PM, Radu Nicolau wrote:
>>> @@ -70,9 +70,9 @@ struct rte_security_ipsec_tunnel_param {
>>> } ipv4; /**< IPv4 header parameters */
>>> struct {
>>> - struct in6_addr *src_addr;
>>> + struct in6_addr src_addr;
>>> /**< IPv6 source address */
>>> - struct in6_addr *dst_addr;
>>> + struct in6_addr dst_addr;
>>> /**< IPv6 destination address */
>>> uint8_t dscp;
>>> /**< IPv6 Differentiated Services Code Point */
>>> @@ -171,6 +171,12 @@ struct rte_security_ipsec_xform {
>>> uint8_t *data; /**< pointer to key data */
>>> size_t length; /**< key length in bytes */
>>> } auth_key;
>>> + enum rte_crypto_aead_algorithm aead_alg;
>>> + /**< AEAD Algorithm */
>>> + struct {
>>> + uint8_t *data; /**< pointer to key data */
>>> + size_t length; /**< key length in bytes */
>>> + } aead_key;
>> I believe it would be better to use a union here.
>> union {
>> struct {
>> enum rte_crypto_cipher_algorithm cipher_alg;
>> /**< Cipher Algorithm */
>> struct {
>> uint8_t *data; /**< pointer to key data */
>> size_t length; /**< key length in bytes */
>> } cipher_key;
>> enum rte_crypto_auth_algorithm auth_alg;
>> /**< Authentication Algorithm */
>> struct {
>> uint8_t *data; /**< pointer to key data */
>> size_t length; /**< key length in bytes */
>> } auth_key;
>> };
>> struct {
>> enum rte_crypto_aead_algorithm aead_alg;
>> /**< AEAD Algorithm */
>> struct {
>> uint8_t *data; /**< pointer to key data */
>> size_t length; /**< key length in bytes */
>> } aead_key;
>> };
>> };
> Probably the best way will be to have a chain of transforms, I will
> follow up in the next patchset.
Will it be chain of crypto xforms? If yes, then we may not be needing
the fields like iv and digest length and op will need to assigned twice.
More information about the dev
mailing list