Example: crypto inline method addition to crypto_accelerator object #59
Open: loalan wants to merge 1 commit into p4lang:main from loalan:crypto_acc_inline
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -28,6 +28,12 @@ enum crypto_results_e { | |
HW_ERROR | ||
} | ||
|
||
enum crypto_mode_e { | ||
TUNNEL, | ||
TRANSPORT, | ||
TRANSPORT_NAT_T | ||
} | ||
|
||
/// special value to indicate that ICV is after the crypto payload | ||
#define ICV_AFTER_PAYLOAD ((int<32>)-1) | ||
|
||
|
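Review bot: In crypto_mode_e, TRANSPORT_NAT_T folds UDP encapsulation into the mode value, so tunnel mode with NAT traversal cannot be expressed, although NAT-T applies to both ESP modes. Consider adding a TUNNEL_NAT_T value, or keeping the enum to TUNNEL and TRANSPORT and carrying UDP encapsulation as a separate flag. The three values also have no doc comments, unlike the ICV_AFTER_PAYLOAD define directly below; a one-line /// comment per value would state what each mode means for the headers the inline methods add or remove.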
@@ -122,6 +128,55 @@ extern crypto_accelerator { | |
void enable_encrypt<T>(in T enable_auth); | ||
void enable_decrypt<T>(in T enable_auth); | ||
|
||
// crypto accelerator runs immediately and returns control flow to the current pipeline | ||
// stage. The method is responsible for defining the contents of the ESP header, | ||
// calculating the payload offset and lengths, encrypting the payload appropriately and | ||
// reparsing the packet. User can decide if to proceed or reinject. | ||
// | ||
// Pre-conditions: The parser must have been executed prior to this extern. The packet | ||
// headers and metadata from the parser are provided as inout params. | ||
// Post-conditions: The deparser will be executed prior to encapsulation, the packet | ||
// bytestream will be updated and encryption will be performed on the payload. The | ||
// packet will be reparsed and parser states updated. | ||
// Side-effects: parser states will be re-evaluated if crypto has succeeded. | ||
// | ||
// H - inout Headers is the output of the parser block | ||
// M - inout Metadata is from the parser block and shared with the control | ||
// T - in enable_auth flag enables authentication check | ||
// S - in seq is the optional sequence number | ||
// I - in iv is the initialization vector | ||
crypto_results_e encrypt_inline<H,M,T,S,I>(packet_in pkt, | ||
inout H hdr, | ||
inout M meta, | ||
in crypto_mode_e mode, | ||
in T enable_auth, | ||
in bit<32> spi, | ||
in S seq, | ||
in I iv); | ||
Why include all these arguments rather than reuse the |
||
|
||
// crypto accelerator runs immediately and returns control flow to the current pipeline | ||
// stage. The method is responsible for decrypting the payload appropriately, removing | ||
// the ESP header, calculating the payload offset and lengths, and reparsing the packet. | ||
// The user should then check the status. | ||
// | ||
// Pre-conditions: The parser will have been executed prior to this extern. The packet | ||
// headers and metadata from the parser are provided as inout params. | ||
// Post-conditions: The deparser will be executed prior to decapsulation, the packet | ||
// bytestream will be updated and decryption will be performed on the payload. The | ||
// packet will be reparsed and parser states recalculated. | ||
// Side-effects: parser states will be re-evaluated if crypto has succeeded. | ||
// | ||
// H - inout Headers is the output of the parser block | ||
// M - inout Metadata is from the parser block and shared with the control | ||
// T - in enable_auth flag enables authentication check | ||
// S - in seq is the optional sequence number | ||
crypto_results_e decrypt_inline<H,M,T,S>(packet_in pkt, | ||
inout H hdr, | ||
inout M meta, | ||
in crypto_mode_e mode, | ||
in T enable_auth, | ||
in S seq); | ||
|
||
// disable crypto engine. Between enable and disable methods, | ||
// whichever method is called last overrides the previous calls | ||
void disable(); | ||
|
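Review bot: The comments on encrypt_inline and decrypt_inline define the outcome only "if crypto has succeeded" and leave hdr, meta and the packet bytestream unspecified for every other crypto_results_e value, such as HW_ERROR. For decrypt_inline with enable_auth set this is the case that matters most: the text should say whether the inout parameters and the packet are left untouched when the result is not success, and that the caller must check the return value before acting on hdr, rather than "The user should then check the status". Two smaller points in the same comments: "S - in seq is the optional sequence number" does not say how an omitted sequence number is expressed or whether decrypt_inline performs an anti-replay check with it, and the lines under "Post-conditions" (deparser executed, bytestream updated, packet reparsed) describe what the method does internally rather than the state the caller can rely on afterwards.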
Do we expect any targets to support both `enable_encrypt` and `encrypt_inline`? If not, how would a program be written to be portable?