一个dpdk执行crypto的样例程序#

代码#

1
#include <assert.h>
2
#include <rte_config.h>
3
#include <stdbool.h>
4
#include <stdint.h>
5
#include <stdio.h>
6
#include <stdlib.h>
7
#include <string.h>
8

9
#include <rte_crypto.h>
10
#include <rte_crypto_sym.h>
11
#include <rte_cryptodev.h>
12
#include <rte_eal.h>
13
#include <rte_lcore.h>
14
#include <rte_mbuf.h>
15
#include <rte_mbuf_core.h>
16
#include <rte_mempool.h>
17

18
#define CRYPTO_OP_POOL_NAME "crypto_op_pool"
19
#define MBUF_POOL_NAME "data_mbuf_pool"
20
#define SESS_POOL_NAME "sym_sess_pool"
21
#define MBUFS_PER_POOL 2048
22
#define CRYPTO_OPS_PER_POOL 2048
23
#define SESS_PER_POOL 2048
24

25
#define AES_KEY_SIZE 32 // 256 bits
26
#define IV_SIZE 16      // 128 bits
27
#define BLOCK_SIZE 16   // AES block size
28
#define MAX_SESSIONS 10
29
#define PMD_NAME "crypto_openssl"
30

31
static struct rte_mempool *crypto_op_pool = NULL;
32
static struct rte_mempool *mbuf_pool = NULL;
33
static struct rte_mempool *sess_pool = NULL;
34

35
static uint8_t aes_key[AES_KEY_SIZE] = {
36
    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a,
37
    0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15,
38
    0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f};
39
static uint8_t iv_data[IV_SIZE] = {0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
40
                                   0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c,
41
                                   0x0d, 0x0e, 0x0f, 0x10};
42

43
int setup_cryptodev() {
44
  uint8_t cdev_ids[64] = {0};
45
  int num_cdevs = rte_cryptodev_devices_get(PMD_NAME, cdev_ids, 64);
46
  assert(num_cdevs > 0 && "no cdev " PMD_NAME " found!");
47
  uint8_t cdev_id = cdev_ids[0];
48
  struct rte_cryptodev_config config = {
49
      .nb_queue_pairs = 1,
50
      .socket_id = rte_socket_id(),
51
  };
52
  if (rte_cryptodev_configure(cdev_id, &config) < 0) {
53
    fprintf(stderr, "failed to configure crypto dev %u\n", cdev_id);
54
    return -1;
55
  }
56

57
  struct rte_cryptodev_qp_conf qp_conf = {
58
      .nb_descriptors = 2048,
59
  };
60
  if (rte_cryptodev_queue_pair_setup(cdev_id, 0, &qp_conf, rte_socket_id()) <
61
      0) {
62
    fprintf(stderr, "failed to setup queue pair 0 on device %u\n", cdev_id);
63
    return -1;
64
  }
65

66
  if (rte_cryptodev_start(cdev_id) < 0) {
67
    fprintf(stderr, "failed to start crypto dev %u\b", cdev_id);
68
    return -1;
69
  }
70
  return cdev_id;
71
}
72

73
struct rte_crypto_sym_session *create_sym_encrypt_session(uint8_t cdev_id) {
74
  struct rte_crypto_cipher_xform cipher = {
75
      .algo = RTE_CRYPTO_CIPHER_AES_CBC,
76
      .op = RTE_CRYPTO_CIPHER_OP_ENCRYPT,
77
      .key.length = AES_KEY_SIZE,
78
      .key.data = aes_key,
79
      .iv.length = IV_SIZE,
80
      .iv.offset =
81
          sizeof(struct rte_crypto_op) + sizeof(struct rte_crypto_sym_op),
82
  };
83

84
  struct rte_crypto_sym_xform xform = {
85
      .next = NULL,
86
      .type = RTE_CRYPTO_SYM_XFORM_CIPHER,
87
      .cipher = cipher,
88
  };
89

90
  struct rte_crypto_sym_session *sess =
91
      rte_cryptodev_sym_session_create(cdev_id, &xform, sess_pool);
92
  if (!sess) {
93
    fprintf(stderr, "failed to create encrypt session for cdev :%u\n", cdev_id);
94
    return NULL;
95
  }
96
  return sess;
97
}
98

99
struct rte_crypto_sym_session *create_sym_decrypt_session(uint8_t cdev_id) {
100
  struct rte_crypto_cipher_xform cipher = {
101
      .algo = RTE_CRYPTO_CIPHER_AES_CBC,
102
      .op = RTE_CRYPTO_CIPHER_OP_DECRYPT,
103
      .key.length = AES_KEY_SIZE,
104
      .key.data = aes_key,
105
      .iv.length = IV_SIZE,
106
      .iv.offset =
107
          sizeof(struct rte_crypto_op) + sizeof(struct rte_crypto_sym_op),
108
  };
109

110
  struct rte_crypto_sym_xform xform = {
111
      .next = NULL,
112
      .type = RTE_CRYPTO_SYM_XFORM_CIPHER,
113
      .cipher = cipher,
114
  };
115

116
  struct rte_crypto_sym_session *sess =
117
      rte_cryptodev_sym_session_create(cdev_id, &xform, sess_pool);
118
  if (!sess) {
119
    fprintf(stderr, "failed to create decrypt session for cdev :%u\n", cdev_id);
120
    return NULL;
121
  }
122
  return sess;
123
}
124

125
static const char *rte_crypto_op_err_msg(const struct rte_crypto_op *op) {
126
  char *status_str;
127
  switch (op->status) {
128
  case RTE_CRYPTO_OP_STATUS_NOT_PROCESSED:
129
    status_str = "RTE_CRYPTO_OP_STATUS_NOT_PROCESSED";
130
    break;
131
  case RTE_CRYPTO_OP_STATUS_AUTH_FAILED:
132
    status_str = "RTE_CRYPTO_OP_STATUS_AUTH_FAILED";
133
    break;
134
  case RTE_CRYPTO_OP_STATUS_INVALID_SESSION:
135
    status_str = "RTE_CRYPTO_OP_STATUS_INVALID_SESSION";
136
    break;
137
  case RTE_CRYPTO_OP_STATUS_INVALID_ARGS:
138
    status_str = "RTE_CRYPTO_OP_STATUS_INVALID_ARGS";
139
    break;
140
  case RTE_CRYPTO_OP_STATUS_ERROR:
141
    status_str = "RTE_CRYPTO_OP_STATUS_ERROR";
142
    break;
143
  default:
144
    printf("rte_crypto_op_err_msg, but no error\n");
145
    status_str = NULL;
146
  }
147
  return status_str;
148
}
149

150
bool do_encrypt(uint8_t cdev_id, struct rte_crypto_sym_session *sess,
151
                const char *plaintext, char **encrypted_text,
152
                size_t *encrypted_len) {
153
  bool success = false;
154
  size_t data_len = strlen(plaintext);
155
  uint8_t padding_len = BLOCK_SIZE - (data_len % BLOCK_SIZE);
156
  size_t total_len = data_len + padding_len;
157

158
  // 1. alloc mbuf
159
  struct rte_mbuf *m = rte_pktmbuf_alloc(mbuf_pool);
160
  if (!m) {
161
    fprintf(stderr, "failed to alloc for mbuf\n");
162
    goto cleanup;
163
  }
164

165
  // 2. fill in data
166
  if (rte_pktmbuf_append(m, total_len) == 0) {
167
    fprintf(stderr, "mbuf append failed\n");
168
    rte_pktmbuf_free(m);
169
    return false;
170
  }
171
  uint8_t *data_ptr = rte_pktmbuf_mtod(m, uint8_t *);
172
  memcpy(data_ptr, plaintext, data_len);
173
  memset(data_ptr + data_len, 0, padding_len);
174

175
  printf("Original plaintext (padded): '");
176
  for (size_t i = 0; i < total_len; i++) {
177
    printf("%02x ", data_ptr[i]);
178
  }
179
  printf("\n");
180
  printf("Data length: %zu (Padded: %zu)\n", data_len, total_len);
181

182
  // 3. alloc crypto op
183
  struct rte_crypto_op *op =
184
      rte_crypto_op_alloc(crypto_op_pool, RTE_CRYPTO_OP_TYPE_SYMMETRIC);
185
  if (!op) {
186
    fprintf(stderr, "failed to alloc for op\n");
187
    goto cleanup;
188
  }
189

190
  // 4. configure op
191
  rte_crypto_op_attach_sym_session(op, sess);
192
  op->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED;
193
  op->sym->m_src = m;
194
  op->sym->m_dst = NULL;
195
  op->sym->cipher.data.offset = 0;
196
  op->sym->cipher.data.length = total_len;
197

198
  // 5. append IV after op->sym
199
  uint8_t *iv_ptr = rte_crypto_op_ctod_offset(
200
      op, uint8_t *,
201
      sizeof(struct rte_crypto_op) + sizeof(struct rte_crypto_sym_op));
202
  memcpy(iv_ptr, iv_data, IV_SIZE);
203

204
  // 6. enqueue
205
  struct rte_crypto_op *ops_enq[] = {op};
206
  int enqueued = rte_cryptodev_enqueue_burst(cdev_id, 0, ops_enq, 1);
207
  printf("Enqueued %d ops\n", enqueued);
208
  printf("original op addr: %p\n", op);
209

210
  // 7. dequeue
211
  struct rte_crypto_op *ops_deq[2] = {0};
212
  int dequeued = 0;
213
  unsigned int retries = 0;
214

215
  while (dequeued == 0 && retries < 100) {
216
    dequeued = rte_cryptodev_dequeue_burst(cdev_id, 0, ops_deq, 1);
217
    retries++;
218
  }
219

220
  if (dequeued != 1) {
221
    fprintf(stderr, "failed to dequeue crypto op, dequeued :%d\n", dequeued);
222
    goto cleanup;
223
  }
224

225
  // 8. check result
226
  struct rte_crypto_op *completed_op = ops_deq[0];
227
  printf("completed_op addr: %p\n", completed_op);
228
  uint8_t *encrypted_ptr = NULL;
229
  if (completed_op->status == RTE_CRYPTO_OP_STATUS_SUCCESS) {
230
    encrypted_ptr = rte_pktmbuf_mtod(completed_op->sym->m_src, uint8_t *);
231
    printf("\n encryption success\n");
232
    printf("encrypted data (hex): ");
233
    for (size_t i = 0; i < total_len; i++) {
234
      printf("%02x ", encrypted_ptr[i]);
235
    }
236
    printf("\n");
237
  } else {
238
    fprintf(stderr, "encryption failed with error: %s\n",
239
            rte_crypto_op_err_msg(completed_op));
240
    goto cleanup;
241
  }
242

243
  // 9. copy result to return
244
  *encrypted_text = (char *)malloc(total_len);
245
  if (!encrypted_text) {
246
    fprintf(stderr, "failed to alloc for encrypted!\n");
247
    goto cleanup;
248
  }
249
  assert(encrypted_ptr);
250
  memcpy(*encrypted_text, encrypted_ptr, total_len);
251
  *encrypted_len = total_len;
252

253
  success = true;
254
  // 10. free resource
255

256
cleanup:
257
  if (op)
258
    rte_crypto_op_free(op);
259
  if (m)
260
    rte_pktmbuf_free(m);
261
  return success;
262
}
263

264
const char *do_decrypt(uint8_t cdev_id, struct rte_crypto_sym_session *sess,
265
                       const char *encrypted_text, size_t total_len) {
266
  char *plaintext = NULL;
267
  struct rte_crypto_op *op = NULL;
268
  struct rte_mbuf *m = NULL;
269

270
  // 1. alloc mbuf
271
  m = rte_pktmbuf_alloc(mbuf_pool);
272
  if (!m) {
273
    fprintf(stderr, "failed to alloc for mbuf\n");
274
    goto cleanup;
275
  }
276

277
  // 2. fill in data
278
  if (rte_pktmbuf_append(m, total_len) == 0) {
279
    fprintf(stderr, "mbuf append failed\n");
280
    goto cleanup;
281
  }
282
  uint8_t *data_ptr = rte_pktmbuf_mtod(m, uint8_t *);
283
  memcpy(data_ptr, encrypted_text, total_len);
284

285
  // 3. alloc crypto op
286
  op = rte_crypto_op_alloc(crypto_op_pool, RTE_CRYPTO_OP_TYPE_SYMMETRIC);
287
  if (!op) {
288
    fprintf(stderr, "failed to alloc for op\n");
289
    goto cleanup;
290
  }
291

292
  // 4. configure op
293
  rte_crypto_op_attach_sym_session(op, sess);
294
  op->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED;
295
  op->sym->m_src = m;
296
  op->sym->m_dst = NULL;
297
  op->sym->cipher.data.offset = 0;
298
  op->sym->cipher.data.length = total_len;
299

300
  // 5. append iv after op->sym
301
  uint8_t *iv_ptr = rte_crypto_op_ctod_offset(
302
      op, uint8_t *,
303
      sizeof(struct rte_crypto_op) + sizeof(struct rte_crypto_sym_op));
304
  memcpy(iv_ptr, iv_data, IV_SIZE);
305

306
  // 6. enqueue
307
  struct rte_crypto_op *ops_enq[] = {op};
308
  int enqueued = rte_cryptodev_enqueue_burst(cdev_id, 0, ops_enq, 1);
309
  printf("Enqueued %d ops\n", enqueued);
310
  printf("original op addr: %p\n", op);
311

312
  // 7. dequeue
313
  struct rte_crypto_op *ops_deq[2] = {0};
314
  int dequeued = 0;
315
  unsigned int retries = 0;
316

317
  while (dequeued == 0 && retries < 100) {
318
    dequeued = rte_cryptodev_dequeue_burst(cdev_id, 0, ops_deq, 1);
319
    retries++;
320
  }
321

322
  if (dequeued != 1) {
323
    fprintf(stderr, "failed to dequeue crypto op, dequeued :%d\n", dequeued);
324
    goto cleanup;
325
  }
326

327
  // 8. check result
328
  struct rte_crypto_op *completed_op = ops_deq[0];
329
  printf("completed_op addr: %p\n", completed_op);
330
  uint8_t *decrypted_ptr = NULL;
331
  size_t decrypted_data_len = 0;
332
  if (completed_op->status == RTE_CRYPTO_OP_STATUS_SUCCESS) {
333
    decrypted_ptr = rte_pktmbuf_mtod(completed_op->sym->m_src, uint8_t *);
334
    decrypted_data_len = rte_pktmbuf_data_len(completed_op->sym->m_src);
335
    if (decrypted_data_len != total_len) {
336
      fprintf(stderr, "decrypted_data_len != total len\n");
337
    } else {
338
      printf("decryption success\n");
339
    }
340
    printf("decrypted data (hex): ");
341
    for (size_t i = 0; i < decrypted_data_len; i++) {
342
      printf("%02x ", decrypted_ptr[i]);
343
    }
344
    printf("\n");
345
  } else {
346
    fprintf(stderr, "decryption failed with error: %s\n",
347
            rte_crypto_op_err_msg(completed_op));
348
    goto cleanup;
349
  }
350

351
  // 9. copy result to return
352
  plaintext = (char *)malloc(decrypted_data_len);
353
  if (!plaintext) {
354
    fprintf(stderr, "failed to alloc for plaintext\n");
355
    goto cleanup;
356
  }
357
  assert(decrypted_ptr);
358
  memcpy(plaintext, decrypted_ptr, decrypted_data_len);
359

360
cleanup:
361
  if (m)
362
    rte_pktmbuf_free(m);
363
  if (op)
364
    rte_crypto_op_free(op);
365
  return plaintext;
366
}
367

368
const char* read_file(const char* file_path, size_t *out_len) {
369
  FILE* fp = fopen(file_path, "r");
370
  if (!fp) {
371
    fprintf(stderr, "failed to open file: %s\n", file_path);
372
    return NULL;
373
  }
374
  if (fseek(fp, 0, SEEK_END) != 0) {
375
    fprintf(stderr, "failed to seek to file end\n");
376
    goto cleanup;
377
  }
378
  long file_size = ftell(fp);
379
  if (file_size < 0) {
380
    fprintf(stderr, "failed to get file_size\n");
381
    goto cleanup;
382
  }
383
  rewind(fp);
384
  char* buffer = (char*)malloc(file_size + 1);
385
  if (!buffer) {
386
    fprintf(stderr, "failed to alloc for buffer\n");
387
    goto cleanup;
388
  }
389
  size_t read_bytes = fread(buffer, 1, file_size, fp);
390
  if (read_bytes != file_size) {
391
    fprintf(stderr, "failed to read into buffer, expected: %zu, got: %zu\n", file_size, read_bytes);
392
    goto cleanup;
393
  }
394
  buffer[file_size] = '\0';
395
  fclose(fp);
396
  *out_len = file_size;
397
  return buffer;
398

399
cleanup:
400
  if (fp) fclose(fp);
401
  return NULL;
402
}
403

404
int main(int argc, char **argv) {
405
  rte_eal_init(argc, argv);
406

407
  // 1. cryptodev setup
408
  uint8_t cdev_id = setup_cryptodev();
409
  if (cdev_id == (uint8_t)-1) {
410
    fprintf(stderr, "Error configure cryptodev\n");
411
    goto cleanup;
412
  }
413

414
  // 2. mbuf & crypto_op mempool alloc
415
  mbuf_pool =
416
      rte_pktmbuf_pool_create(MBUF_POOL_NAME, MBUFS_PER_POOL, 256, 0,
417
                              RTE_MBUF_DEFAULT_BUF_SIZE, rte_socket_id());
418
  crypto_op_pool = rte_crypto_op_pool_create(
419
      CRYPTO_OP_POOL_NAME, RTE_CRYPTO_OP_TYPE_SYMMETRIC, CRYPTO_OPS_PER_POOL, 0,
420
      0, rte_socket_id());
421

422
  size_t priv_size = rte_cryptodev_sym_get_private_session_size(cdev_id);
423
  sess_pool = rte_cryptodev_sym_session_pool_create(
424
      SESS_POOL_NAME, SESS_PER_POOL, priv_size, 0, 0, rte_socket_id());
425
  if (!mbuf_pool) {
426
    fprintf(stderr, "mbuf_pool alloc failed\n");
427
    goto cleanup;
428
  }
429
  if (!crypto_op_pool) {
430
    fprintf(stderr, "crypto_op_pool alloc failed\n");
431
    goto cleanup;
432
  }
433
  if (!sess_pool) {
434
    fprintf(stderr, "sess_pool alloc failed\n");
435
    goto cleanup;
436
  }
437

438
  // 3. create session
439
  struct rte_crypto_sym_session *encrypt_sess =
440
      create_sym_encrypt_session(cdev_id);
441
  struct rte_crypto_sym_session *decrypt_sess =
442
      create_sym_decrypt_session(cdev_id);
443
  if (!encrypt_sess || !decrypt_sess) {
444
    fprintf(stderr, "failed to create session\n");
445
    goto cleanup;
446
  }
447

448
  // 4. perform encrypt
449
  const char *plaintext =
450
      "This is a secrete message for AES-256-CBC encryption. hello world!";
451
  char *encrypted_text = NULL;
452
  size_t encrypted_len = 0;
453
  printf("---start encrypt---\n");
454
  do_encrypt(cdev_id, encrypt_sess, plaintext, &encrypted_text, &encrypted_len);
455
  printf("---encrypt complete---\n");
456
  printf("\n");
457
  printf("---start decrypt---\n");
458
  const char *decrypted_text =
459
      do_decrypt(cdev_id, decrypt_sess, encrypted_text, encrypted_len);
460
  printf("---decrypt complete---\n");
461
  printf("---decrypted data---\n");
462
  printf("%s\n", decrypted_text);
463

464
  printf("cleaning resources ...\n");
465
  rte_mempool_free(mbuf_pool);
466
  rte_mempool_free(crypto_op_pool);
467
  rte_mempool_free(sess_pool);
468
  if (encrypted_text)
469
    free(encrypted_text);
470
  if (decrypted_text)
471
    free((void *)decrypted_text);
472

473
  return 0;
474

475
cleanup:
476
  if (mbuf_pool)
477
    rte_mempool_free(mbuf_pool);
478
  if (crypto_op_pool)
479
    rte_mempool_free(crypto_op_pool);
480
  if (sess_pool)
481
    rte_mempool_free(sess_pool);
482
  rte_eal_cleanup();
483
  return -1;
484
}

cmake配置#

1
cmake_minimum_required(VERSION 3.20)
2
set(CMAKE_C_COMPILER clang)
3
set(CMAKE_EXPORT_COMPILE_COMMANDS ON)
4
set(CMAKE_C_STANDARD 23)
5
set(CMAKE_C_STANDARD_REUIQRED ON)
6

7
project(dpdk_shared_mem_learning LANGUAGES C)
8

9
# use pkg-config to look up dpdk
10
find_package(PkgConfig REQUIRED)
11
if(PKG_CONFIG_FOUND)
12
  pkg_check_modules(DPDK "libdpdk")
13
  if(DPDK_FOUND)
14
    list(JOIN DPDK_LIBRARY_DIRS ":" DPDK_RPATH)
15
    message(STATUS "found dpdk via pkg-config")
16
  else()
17
    message(WARNING "unable to find dpdk via pkg-config")
18
  endif()
19
endif()
20

21
add_executable(encrypt encrypt.c)
22
target_link_libraries(encrypt PRIVATE
23
  ${DPDK_LIBRARIES}
24
)

运行命令#

1
./build/encrypt -l 6-7 --vdev crypto_openssl

期待输出#

1
...
2
EAL: Selected IOVA mode 'VA'
3
CRYPTODEV: Creating cryptodev crypto_openssl
4
CRYPTODEV: Initialisation parameters - name: crypto_openssl,socket id: 0, max queue pairs: 8
5
---start encrypt---
6
Original plaintext (padded): '54 68 69 73 20 69 73 20 61 20 73 65 63 72 65 74 65 20 6d 65 73 73 61 67 65 20 66 6f 72 20 41 45 53 2d 32 35 36 2d 43 42 43 20 65 6e 63 72 79 70 74 69 6f 6e 2e 20 68 65 6c 6c 6f 20 77 6f 72 6c 64 21 00 00 00 00 00 00 00 00 00 00 00 00 00 00
7
Data length: 66 (Padded: 80)
8
Enqueued 1 ops
9
original op addr: 0x1010b6700
10
completed_op addr: 0x1010b6700
11

12
 encryption success
13
encrypted data (hex): 86 1a 24 21 1a 42 0b c6 12 bc b2 e0 f1 1a 7c d6 91 8a f7 a1 f2 ad 09 2e e4 59 f5 7f a4 aa 64 98 06 cb 71 5d b5 95 3b cc 4e 2b 4c ba dc 64 98 8f 09 d2 71 88 4f 8c 03 ee e7 c6 6f a2 52 3f 59 a2 4a 66 e2 94 0f 96 67 54 a5 2c 95 35 99 53 e3 fe
14
---encrypt complete---
15

16
---start decrypt---
17
Enqueued 1 ops
18
original op addr: 0x1010b6800
19
completed_op addr: 0x1010b6800
20
decryption success
21
decrypted data (hex): 54 68 69 73 20 69 73 20 61 20 73 65 63 72 65 74 65 20 6d 65 73 73 61 67 65 20 66 6f 72 20 41 45 53 2d 32 35 36 2d 43 42 43 20 65 6e 63 72 79 70 74 69 6f 6e 2e 20 68 65 6c 6c 6f 20 77 6f 72 6c 64 21 00 00 00 00 00 00 00 00 00 00 00 00 00 00
22
---decrypt complete---
23
---decrypted data---
24
This is a secrete message for AES-256-CBC encryption. hello world!
25
cleaning resources ...