[PATCH] examples/l2fwd-crypto: fix session mempool size

[PATCH] examples/l2fwd-crypto: fix session mempool size

[Pablo de Lara]

The session mempool size for this application depends
on the number of crypto devices that are capable
of performing the operation given by the parameters on the app.

However, previously this calculation was done before all devices
were checked, resulting in an incorrect number of sessions
required.

Now the calculation of the devices to be used is done first,
followed by the creation of the session pool, resulting
in a correct number of objects needed for the sessions
to be created.

Fixes: e3bcb99a5e13 ("examples/l2fwd-crypto: limit number of sessions")

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 examples/l2fwd-crypto/main.c | 541 +++++++++++++++++++++++++++----------------
 1 file changed, 341 insertions(+), 200 deletions(-)

diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index 9ac06a697..93bce583c 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -1931,21 +1931,19 @@ check_supported_size(uint16_t length, uint16_t min, uint16_t max,
 static int
 check_iv_param(const struct rte_crypto_param_range *iv_range_size,
 		unsigned int iv_param, int iv_random_size,
-		uint16_t *iv_length)
+		uint16_t iv_length)
 {
 	/*
 	 * Check if length of provided IV is supported
 	 * by the algorithm chosen.
 	 */
 	if (iv_param) {
-		if (check_supported_size(*iv_length,
+		if (check_supported_size(iv_length,
 				iv_range_size->min,
 				iv_range_size->max,
 				iv_range_size->increment)
-					!= 0) {
-			printf("Unsupported IV length\n");
+					!= 0)
 			return -1;
-		}
 	/*
 	 * Check if length of IV to be randomly generated
 	 * is supported by the algorithm chosen.
@@ -1955,14 +1953,250 @@ check_iv_param(const struct rte_crypto_param_range *iv_range_size,
 				iv_range_size->min,
 				iv_range_size->max,
 				iv_range_size->increment)
-					!= 0) {
-			printf("Unsupported IV length\n");
+					!= 0)
+			return -1;
+	}
+
+	return 0;
+}
+
+static int
+check_capabilities(struct l2fwd_crypto_options *options, uint8_t cdev_id)
+{
+	struct rte_cryptodev_info dev_info;
+	const struct rte_cryptodev_capabilities *cap;
+
+	rte_cryptodev_info_get(cdev_id, &dev_info);
+
+	/* Set AEAD parameters */
+	if (options->xform_chain == L2FWD_CRYPTO_AEAD) {
+		/* Check if device supports AEAD algo */
+		cap = check_device_support_aead_algo(options, &dev_info,
+						cdev_id);
+		if (cap == NULL)
+			return -1;
+
+		if (check_iv_param(&cap->sym.aead.iv_size,
+				options->aead_iv_param,
+				options->aead_iv_random_size,
+				options->aead_iv.length) != 0) {
+			RTE_LOG(DEBUG, USER1,
+				"Device %u does not support IV length\n",
+				cdev_id);
 			return -1;
 		}
-		*iv_length = iv_random_size;
-	/* No size provided, use minimum size. */
-	} else
-		*iv_length = iv_range_size->min;
+
+		/*
+		 * Check if length of provided AEAD key is supported
+		 * by the algorithm chosen.
+		 */
+		if (options->aead_key_param) {
+			if (check_supported_size(
+					options->aead_xform.aead.key.length,
+					cap->sym.aead.key_size.min,
+					cap->sym.aead.key_size.max,
+					cap->sym.aead.key_size.increment)
+						!= 0) {
+				RTE_LOG(DEBUG, USER1,
+					"Device %u does not support "
+					"AEAD key length\n",
+					cdev_id);
+				return -1;
+			}
+		/*
+		 * Check if length of the aead key to be randomly generated
+		 * is supported by the algorithm chosen.
+		 */
+		} else if (options->aead_key_random_size != -1) {
+			if (check_supported_size(options->aead_key_random_size,
+					cap->sym.aead.key_size.min,
+					cap->sym.aead.key_size.max,
+					cap->sym.aead.key_size.increment)
+						!= 0) {
+				RTE_LOG(DEBUG, USER1,
+					"Device %u does not support "
+					"AEAD key length\n",
+					cdev_id);
+				return -1;
+			}
+		}
+
+
+		/*
+		 * Check if length of provided AAD is supported
+		 * by the algorithm chosen.
+		 */
+		if (options->aad_param) {
+			if (check_supported_size(options->aad.length,
+					cap->sym.aead.aad_size.min,
+					cap->sym.aead.aad_size.max,
+					cap->sym.aead.aad_size.increment)
+						!= 0) {
+				RTE_LOG(DEBUG, USER1,
+					"Device %u does not support "
+					"AAD length\n",
+					cdev_id);
+				return -1;
+			}
+		/*
+		 * Check if length of AAD to be randomly generated
+		 * is supported by the algorithm chosen.
+		 */
+		} else if (options->aad_random_size != -1) {
+			if (check_supported_size(options->aad_random_size,
+					cap->sym.aead.aad_size.min,
+					cap->sym.aead.aad_size.max,
+					cap->sym.aead.aad_size.increment)
+						!= 0) {
+				RTE_LOG(DEBUG, USER1,
+					"Device %u does not support "
+					"AAD length\n",
+					cdev_id);
+				return -1;
+			}
+		}
+
+		/* Check if digest size is supported by the algorithm. */
+		if (options->digest_size != -1) {
+			if (check_supported_size(options->digest_size,
+					cap->sym.aead.digest_size.min,
+					cap->sym.aead.digest_size.max,
+					cap->sym.aead.digest_size.increment)
+						!= 0) {
+				RTE_LOG(DEBUG, USER1,
+					"Device %u does not support "
+					"digest length\n",
+					cdev_id);
+				return -1;
+			}
+		}
+	}
+
+	/* Set cipher parameters */
+	if (options->xform_chain == L2FWD_CRYPTO_CIPHER_HASH ||
+			options->xform_chain == L2FWD_CRYPTO_HASH_CIPHER ||
+			options->xform_chain == L2FWD_CRYPTO_CIPHER_ONLY) {
+		/* Check if device supports cipher algo */
+		cap = check_device_support_cipher_algo(options, &dev_info,
+						cdev_id);
+		if (cap == NULL)
+			return -1;
+
+		if (check_iv_param(&cap->sym.cipher.iv_size,
+				options->cipher_iv_param,
+				options->cipher_iv_random_size,
+				options->cipher_iv.length) != 0) {
+			RTE_LOG(DEBUG, USER1,
+				"Device %u does not support IV length\n",
+				cdev_id);
+			return -1;
+		}
+
+		/*
+		 * Check if length of provided cipher key is supported
+		 * by the algorithm chosen.
+		 */
+		if (options->ckey_param) {
+			if (check_supported_size(
+					options->cipher_xform.cipher.key.length,
+					cap->sym.cipher.key_size.min,
+					cap->sym.cipher.key_size.max,
+					cap->sym.cipher.key_size.increment)
+						!= 0) {
+				RTE_LOG(DEBUG, USER1,
+					"Device %u does not support cipher "
+					"key length\n",
+					cdev_id);
+				return -1;
+			}
+		/*
+		 * Check if length of the cipher key to be randomly generated
+		 * is supported by the algorithm chosen.
+		 */
+		} else if (options->ckey_random_size != -1) {
+			if (check_supported_size(options->ckey_random_size,
+					cap->sym.cipher.key_size.min,
+					cap->sym.cipher.key_size.max,
+					cap->sym.cipher.key_size.increment)
+						!= 0) {
+				RTE_LOG(DEBUG, USER1,
+					"Device %u does not support cipher "
+					"key length\n",
+					cdev_id);
+				return -1;
+			}
+		}
+	}
+
+	/* Set auth parameters */
+	if (options->xform_chain == L2FWD_CRYPTO_CIPHER_HASH ||
+			options->xform_chain == L2FWD_CRYPTO_HASH_CIPHER ||
+			options->xform_chain == L2FWD_CRYPTO_HASH_ONLY) {
+		/* Check if device supports auth algo */
+		cap = check_device_support_auth_algo(options, &dev_info,
+						cdev_id);
+		if (cap == NULL)
+			return -1;
+
+		if (check_iv_param(&cap->sym.auth.iv_size,
+				options->auth_iv_param,
+				options->auth_iv_random_size,
+				options->auth_iv.length) != 0) {
+			RTE_LOG(DEBUG, USER1,
+				"Device %u does not support IV length\n",
+				cdev_id);
+			return -1;
+		}
+		/*
+		 * Check if length of provided auth key is supported
+		 * by the algorithm chosen.
+		 */
+		if (options->akey_param) {
+			if (check_supported_size(
+					options->auth_xform.auth.key.length,
+					cap->sym.auth.key_size.min,
+					cap->sym.auth.key_size.max,
+					cap->sym.auth.key_size.increment)
+						!= 0) {
+				RTE_LOG(DEBUG, USER1,
+					"Device %u does not support auth "
+					"key length\n",
+					cdev_id);
+				return -1;
+			}
+		/*
+		 * Check if length of the auth key to be randomly generated
+		 * is supported by the algorithm chosen.
+		 */
+		} else if (options->akey_random_size != -1) {
+			if (check_supported_size(options->akey_random_size,
+					cap->sym.auth.key_size.min,
+					cap->sym.auth.key_size.max,
+					cap->sym.auth.key_size.increment)
+						!= 0) {
+				RTE_LOG(DEBUG, USER1,
+					"Device %u does not support auth "
+					"key length\n",
+					cdev_id);
+				return -1;
+			}
+		}
+
+		/* Check if digest size is supported by the algorithm. */
+		if (options->digest_size != -1) {
+			if (check_supported_size(options->digest_size,
+					cap->sym.auth.digest_size.min,
+					cap->sym.auth.digest_size.max,
+					cap->sym.auth.digest_size.increment)
+						!= 0) {
+				RTE_LOG(DEBUG, USER1,
+					"Device %u does not support "
+					"digest length\n",
+					cdev_id);
+				return -1;
+			}
+		}
+	}
 
 	return 0;
 }
@@ -1971,7 +2205,7 @@ static int
 initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 		uint8_t *enabled_cdevs)
 {
-	unsigned int cdev_id, cdev_count, enabled_cdev_count = 0;
+	uint8_t cdev_id, cdev_count, enabled_cdev_count = 0;
 	const struct rte_cryptodev_capabilities *cap;
 	unsigned int sess_sz, max_sess_sz = 0;
 	uint32_t sessions_needed = 0;
@@ -1983,16 +2217,32 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 		return -1;
 	}
 
-	for (cdev_id = 0; cdev_id < cdev_count; cdev_id++) {
+	for (cdev_id = 0; cdev_id < cdev_count && enabled_cdev_count < nb_ports;
+			cdev_id++) {
 		sess_sz = rte_cryptodev_sym_get_private_session_size(cdev_id);
 		if (sess_sz > max_sess_sz)
 			max_sess_sz = sess_sz;
+
+		if (check_cryptodev_mask(options, cdev_id))
+			continue;
+
+		if (check_capabilities(options, cdev_id) < 0)
+			continue;
+
+		l2fwd_enabled_crypto_mask |= (((uint64_t)1) << cdev_id);
+
+		enabled_cdevs[cdev_id] = 1;
+		enabled_cdev_count++;
+
 	}
 
-	for (cdev_id = 0; cdev_id < cdev_count && enabled_cdev_count < nb_ports;
-			cdev_id++) {
+	for (cdev_id = 0; cdev_id < cdev_count; cdev_id++) {
 		struct rte_cryptodev_qp_conf qp_conf;
 		struct rte_cryptodev_info dev_info;
+
+		if (enabled_cdevs[cdev_id] == 0)
+			continue;
+
 		retval = rte_cryptodev_socket_id(cdev_id);
 
 		if (retval < 0) {
@@ -2007,9 +2257,6 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 			.socket_id = socket_id,
 		};
 
-		if (check_cryptodev_mask(options, (uint8_t)cdev_id))
-			continue;
-
 		rte_cryptodev_info_get(cdev_id, &dev_info);
 
 		/*
@@ -2058,106 +2305,56 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 
 		/* Set AEAD parameters */
 		if (options->xform_chain == L2FWD_CRYPTO_AEAD) {
-			/* Check if device supports AEAD algo */
 			cap = check_device_support_aead_algo(options, &dev_info,
 							cdev_id);
-			if (cap == NULL)
-				continue;
-
 			options->block_size = cap->sym.aead.block_size;
 
-			check_iv_param(&cap->sym.aead.iv_size,
-					options->aead_iv_param,
-					options->aead_iv_random_size,
-					&options->aead_iv.length);
+			/* Set IV if not provided from command line */
+			if (options->aead_iv_param == 0) {
+				if (options->aead_iv_random_size != -1)
+					options->aead_iv.length =
+						options->aead_iv_random_size;
+				/* No size provided, use minimum size. */
+				else
+					options->aead_iv.length =
+						cap->sym.aead.iv_size.min;
+			}
 
-			/*
-			 * Check if length of provided AEAD key is supported
-			 * by the algorithm chosen.
-			 */
-			if (options->aead_key_param) {
-				if (check_supported_size(
-						options->aead_xform.aead.key.length,
-						cap->sym.aead.key_size.min,
-						cap->sym.aead.key_size.max,
-						cap->sym.aead.key_size.increment)
-							!= 0) {
-					printf("Unsupported aead key length\n");
-					return -1;
-				}
-			/*
-			 * Check if length of the aead key to be randomly generated
-			 * is supported by the algorithm chosen.
-			 */
-			} else if (options->aead_key_random_size != -1) {
-				if (check_supported_size(options->aead_key_random_size,
-						cap->sym.aead.key_size.min,
-						cap->sym.aead.key_size.max,
-						cap->sym.aead.key_size.increment)
-							!= 0) {
-					printf("Unsupported aead key length\n");
-					return -1;
-				}
-				options->aead_xform.aead.key.length =
-							options->aead_key_random_size;
-			/* No size provided, use minimum size. */
-			} else
-				options->aead_xform.aead.key.length =
+			/* Set key if not provided from command line */
+			if (options->aead_key_param == 0) {
+				if (options->aead_key_random_size != -1)
+					options->aead_xform.aead.key.length =
+						options->aead_key_random_size;
+				/* No size provided, use minimum size. */
+				else
+					options->aead_xform.aead.key.length =
 						cap->sym.aead.key_size.min;
 
-			if (!options->aead_key_param)
 				generate_random_key(
 					options->aead_xform.aead.key.data,
 					options->aead_xform.aead.key.length);
+			}
 
-			/*
-			 * Check if length of provided AAD is supported
-			 * by the algorithm chosen.
-			 */
-			if (options->aad_param) {
-				if (check_supported_size(options->aad.length,
-						cap->sym.aead.aad_size.min,
-						cap->sym.aead.aad_size.max,
-						cap->sym.aead.aad_size.increment)
-							!= 0) {
-					printf("Unsupported AAD length\n");
-					return -1;
-				}
-			/*
-			 * Check if length of AAD to be randomly generated
-			 * is supported by the algorithm chosen.
-			 */
-			} else if (options->aad_random_size != -1) {
-				if (check_supported_size(options->aad_random_size,
-						cap->sym.aead.aad_size.min,
-						cap->sym.aead.aad_size.max,
-						cap->sym.aead.aad_size.increment)
-							!= 0) {
-					printf("Unsupported AAD length\n");
-					return -1;
-				}
-				options->aad.length = options->aad_random_size;
-			/* No size provided, use minimum size. */
-			} else
-				options->aad.length = cap->sym.auth.aad_size.min;
+			/* Set AAD if not provided from command line */
+			if (options->aad_param == 0) {
+				if (options->aad_random_size != -1)
+					options->aad.length =
+						options->aad_random_size;
+				/* No size provided, use minimum size. */
+				else
+					options->aad.length =
+						cap->sym.auth.aad_size.min;
+			}
 
 			options->aead_xform.aead.aad_length =
 						options->aad.length;
 
-			/* Check if digest size is supported by the algorithm. */
-			if (options->digest_size != -1) {
-				if (check_supported_size(options->digest_size,
-						cap->sym.aead.digest_size.min,
-						cap->sym.aead.digest_size.max,
-						cap->sym.aead.digest_size.increment)
-							!= 0) {
-					printf("Unsupported digest length\n");
-					return -1;
-				}
+			/* Set digest size if not provided from command line */
+			if (options->digest_size != -1)
 				options->aead_xform.aead.digest_length =
 							options->digest_size;
-			/* No size provided, use minimum size. */
-			} else
+				/* No size provided, use minimum size. */
+			else
 				options->aead_xform.aead.digest_length =
 						cap->sym.aead.digest_size.min;
 		}
@@ -2166,127 +2363,76 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 		if (options->xform_chain == L2FWD_CRYPTO_CIPHER_HASH ||
 				options->xform_chain == L2FWD_CRYPTO_HASH_CIPHER ||
 				options->xform_chain == L2FWD_CRYPTO_CIPHER_ONLY) {
-			/* Check if device supports cipher algo */
 			cap = check_device_support_cipher_algo(options, &dev_info,
 							cdev_id);
-			if (cap == NULL)
-				continue;
-
 			options->block_size = cap->sym.cipher.block_size;
 
-			check_iv_param(&cap->sym.cipher.iv_size,
-					options->cipher_iv_param,
-					options->cipher_iv_random_size,
-					&options->cipher_iv.length);
+			/* Set IV if not provided from command line */
+			if (options->cipher_iv_param == 0) {
+				if (options->cipher_iv_random_size != -1)
+					options->cipher_iv.length =
+						options->cipher_iv_random_size;
+				/* No size provided, use minimum size. */
+				else
+					options->cipher_iv.length =
+						cap->sym.cipher.iv_size.min;
+			}
 
-			/*
-			 * Check if length of provided cipher key is supported
-			 * by the algorithm chosen.
-			 */
-			if (options->ckey_param) {
-				if (check_supported_size(
-						options->cipher_xform.cipher.key.length,
-						cap->sym.cipher.key_size.min,
-						cap->sym.cipher.key_size.max,
-						cap->sym.cipher.key_size.increment)
-							!= 0) {
-					printf("Unsupported cipher key length\n");
-					return -1;
-				}
-			/*
-			 * Check if length of the cipher key to be randomly generated
-			 * is supported by the algorithm chosen.
-			 */
-			} else if (options->ckey_random_size != -1) {
-				if (check_supported_size(options->ckey_random_size,
-						cap->sym.cipher.key_size.min,
-						cap->sym.cipher.key_size.max,
-						cap->sym.cipher.key_size.increment)
-							!= 0) {
-					printf("Unsupported cipher key length\n");
-					return -1;
-				}
-				options->cipher_xform.cipher.key.length =
-							options->ckey_random_size;
-			/* No size provided, use minimum size. */
-			} else
-				options->cipher_xform.cipher.key.length =
+			/* Set key if not provided from command line */
+			if (options->ckey_param == 0) {
+				if (options->ckey_random_size != -1)
+					options->cipher_xform.cipher.key.length =
+						options->ckey_random_size;
+				/* No size provided, use minimum size. */
+				else
+					options->cipher_xform.cipher.key.length =
 						cap->sym.cipher.key_size.min;
 
-			if (!options->ckey_param)
 				generate_random_key(
 					options->cipher_xform.cipher.key.data,
 					options->cipher_xform.cipher.key.length);
-
+			}
 		}
 
 		/* Set auth parameters */
 		if (options->xform_chain == L2FWD_CRYPTO_CIPHER_HASH ||
 				options->xform_chain == L2FWD_CRYPTO_HASH_CIPHER ||
 				options->xform_chain == L2FWD_CRYPTO_HASH_ONLY) {
-			/* Check if device supports auth algo */
 			cap = check_device_support_auth_algo(options, &dev_info,
 							cdev_id);
-			if (cap == NULL)
-				continue;
 
-			check_iv_param(&cap->sym.auth.iv_size,
-					options->auth_iv_param,
-					options->auth_iv_random_size,
-					&options->auth_iv.length);
-			/*
-			 * Check if length of provided auth key is supported
-			 * by the algorithm chosen.
-			 */
-			if (options->akey_param) {
-				if (check_supported_size(
-						options->auth_xform.auth.key.length,
-						cap->sym.auth.key_size.min,
-						cap->sym.auth.key_size.max,
-						cap->sym.auth.key_size.increment)
-							!= 0) {
-					printf("Unsupported auth key length\n");
-					return -1;
-				}
-			/*
-			 * Check if length of the auth key to be randomly generated
-			 * is supported by the algorithm chosen.
-			 */
-			} else if (options->akey_random_size != -1) {
-				if (check_supported_size(options->akey_random_size,
-						cap->sym.auth.key_size.min,
-						cap->sym.auth.key_size.max,
-						cap->sym.auth.key_size.increment)
-							!= 0) {
-					printf("Unsupported auth key length\n");
-					return -1;
-				}
-				options->auth_xform.auth.key.length =
-							options->akey_random_size;
-			/* No size provided, use minimum size. */
-			} else
-				options->auth_xform.auth.key.length =
+			/* Set IV if not provided from command line */
+			if (options->auth_iv_param == 0) {
+				if (options->auth_iv_random_size != -1)
+					options->auth_iv.length =
+						options->auth_iv_random_size;
+				/* No size provided, use minimum size. */
+				else
+					options->auth_iv.length =
+						cap->sym.auth.iv_size.min;
+			}
+
+			/* Set key if not provided from command line */
+			if (options->akey_param == 0) {
+				if (options->akey_random_size != -1)
+					options->auth_xform.auth.key.length =
+						options->akey_random_size;
+				/* No size provided, use minimum size. */
+				else
+					options->auth_xform.auth.key.length =
 						cap->sym.auth.key_size.min;
 
-			if (!options->akey_param)
 				generate_random_key(
 					options->auth_xform.auth.key.data,
 					options->auth_xform.auth.key.length);
+			}
 
-			/* Check if digest size is supported by the algorithm. */
-			if (options->digest_size != -1) {
-				if (check_supported_size(options->digest_size,
-						cap->sym.auth.digest_size.min,
-						cap->sym.auth.digest_size.max,
-						cap->sym.auth.digest_size.increment)
-							!= 0) {
-					printf("Unsupported digest length\n");
-					return -1;
-				}
+			/* Set digest size if not provided from command line */
+			if (options->digest_size != -1)
 				options->auth_xform.auth.digest_length =
 							options->digest_size;
-			/* No size provided, use minimum size. */
-			} else
+				/* No size provided, use minimum size. */
+			else
 				options->auth_xform.auth.digest_length =
 						cap->sym.auth.digest_size.min;
 		}
@@ -2313,11 +2459,6 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 					cdev_id, retval);
 			return -1;
 		}
-
-		l2fwd_enabled_crypto_mask |= (((uint64_t)1) << cdev_id);
-
-		enabled_cdevs[cdev_id] = 1;
-		enabled_cdev_count++;
 	}
 
 	return enabled_cdev_count;
-- 
2.14.4

[PATCH v2 0/5] L2fwd-crypto fixes

[Pablo de Lara]

v2 changes:
- Split patch into multiple patches for better review
- First two patches are fixes for previous releases

Pablo de Lara (5):
  examples/l2fwd-crypto: check return value on IV size check
  examples/l2fwd-crypto: skip device not supporting operation
  examples/l2fwd-crypto: separate IV check from xform setting
  examples/l2fwd-crypto: fix session mempool size
  examples/l2fwd-crypto: remove duplicated capability check

 examples/l2fwd-crypto/main.c | 539 +++++++++++++++++++++++++++----------------
 1 file changed, 340 insertions(+), 199 deletions(-)

-- 
2.14.4

[PATCH v2 1/5] examples/l2fwd-crypto: check return value on IV size check

[Pablo de Lara]

IV size parameter is checked through a function,
but its return value was not checked.

Fixes: 0fbd75a99fc9 ("cryptodev: move IV parameters to session")
Fixes: acf8616901b5 ("cryptodev: add auth IV")
Fixes: 2661f4fbe93d ("examples/l2fwd-crypto: add AEAD parameters")

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Cc: stable@dpdk.org
---
 examples/l2fwd-crypto/main.c | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index 9ac06a697..dc97a9b40 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -2066,10 +2066,11 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 
 			options->block_size = cap->sym.aead.block_size;
 
-			check_iv_param(&cap->sym.aead.iv_size,
+			if (check_iv_param(&cap->sym.aead.iv_size,
 					options->aead_iv_param,
 					options->aead_iv_random_size,
-					&options->aead_iv.length);
+					&options->aead_iv.length) < 0)
+				return -1;
 
 			/*
 			 * Check if length of provided AEAD key is supported
@@ -2174,10 +2175,11 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 
 			options->block_size = cap->sym.cipher.block_size;
 
-			check_iv_param(&cap->sym.cipher.iv_size,
+			if (check_iv_param(&cap->sym.cipher.iv_size,
 					options->cipher_iv_param,
 					options->cipher_iv_random_size,
-					&options->cipher_iv.length);
+					&options->cipher_iv.length) < 0)
+				return -1;
 
 			/*
 			 * Check if length of provided cipher key is supported
@@ -2230,10 +2232,11 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 			if (cap == NULL)
 				continue;
 
-			check_iv_param(&cap->sym.auth.iv_size,
+			if (check_iv_param(&cap->sym.auth.iv_size,
 					options->auth_iv_param,
 					options->auth_iv_random_size,
-					&options->auth_iv.length);
+					&options->auth_iv.length) < 0)
+				return -1;
 			/*
 			 * Check if length of provided auth key is supported
 			 * by the algorithm chosen.
-- 
2.14.4

[PATCH v2 2/5] examples/l2fwd-crypto: skip device not supporting operation

[Pablo de Lara]

When a crypto device does not support an algorithm, it is skipped
and not used. However, when it does support it, but not the rest
of the parameters (IV, key, AAD sizes...), application stops.
Instead, the device should be skipped and the search of a suitable
device should continue.

Fixes: a061e50a0d97 ("examples/l2fwd-crypto: fix ambiguous input key size")
Cc: stable@dpdk.org

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 examples/l2fwd-crypto/main.c | 26 +++++++++++++-------------
 1 file changed, 13 insertions(+), 13 deletions(-)

diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index dc97a9b40..e334b9bd0 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -2070,7 +2070,7 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 					options->aead_iv_param,
 					options->aead_iv_random_size,
 					&options->aead_iv.length) < 0)
-				return -1;
+				continue;
 
 			/*
 			 * Check if length of provided AEAD key is supported
@@ -2084,7 +2084,7 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 						cap->sym.aead.key_size.increment)
 							!= 0) {
 					printf("Unsupported aead key length\n");
-					return -1;
+					continue;
 				}
 			/*
 			 * Check if length of the aead key to be randomly generated
@@ -2097,7 +2097,7 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 						cap->sym.aead.key_size.increment)
 							!= 0) {
 					printf("Unsupported aead key length\n");
-					return -1;
+					continue;
 				}
 				options->aead_xform.aead.key.length =
 							options->aead_key_random_size;
@@ -2122,7 +2122,7 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 						cap->sym.aead.aad_size.increment)
 							!= 0) {
 					printf("Unsupported AAD length\n");
-					return -1;
+					continue;
 				}
 			/*
 			 * Check if length of AAD to be randomly generated
@@ -2135,7 +2135,7 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 						cap->sym.aead.aad_size.increment)
 							!= 0) {
 					printf("Unsupported AAD length\n");
-					return -1;
+					continue;
 				}
 				options->aad.length = options->aad_random_size;
 			/* No size provided, use minimum size. */
@@ -2153,7 +2153,7 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 						cap->sym.aead.digest_size.increment)
 							!= 0) {
 					printf("Unsupported digest length\n");
-					return -1;
+					continue;
 				}
 				options->aead_xform.aead.digest_length =
 							options->digest_size;
@@ -2179,7 +2179,7 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 					options->cipher_iv_param,
 					options->cipher_iv_random_size,
 					&options->cipher_iv.length) < 0)
-				return -1;
+				continue;
 
 			/*
 			 * Check if length of provided cipher key is supported
@@ -2193,7 +2193,7 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 						cap->sym.cipher.key_size.increment)
 							!= 0) {
 					printf("Unsupported cipher key length\n");
-					return -1;
+					continue;
 				}
 			/*
 			 * Check if length of the cipher key to be randomly generated
@@ -2206,7 +2206,7 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 						cap->sym.cipher.key_size.increment)
 							!= 0) {
 					printf("Unsupported cipher key length\n");
-					return -1;
+					continue;
 				}
 				options->cipher_xform.cipher.key.length =
 							options->ckey_random_size;
@@ -2236,7 +2236,7 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 					options->auth_iv_param,
 					options->auth_iv_random_size,
 					&options->auth_iv.length) < 0)
-				return -1;
+				continue;
 			/*
 			 * Check if length of provided auth key is supported
 			 * by the algorithm chosen.
@@ -2249,7 +2249,7 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 						cap->sym.auth.key_size.increment)
 							!= 0) {
 					printf("Unsupported auth key length\n");
-					return -1;
+					continue;
 				}
 			/*
 			 * Check if length of the auth key to be randomly generated
@@ -2262,7 +2262,7 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 						cap->sym.auth.key_size.increment)
 							!= 0) {
 					printf("Unsupported auth key length\n");
-					return -1;
+					continue;
 				}
 				options->auth_xform.auth.key.length =
 							options->akey_random_size;
@@ -2284,7 +2284,7 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 						cap->sym.auth.digest_size.increment)
 							!= 0) {
 					printf("Unsupported digest length\n");
-					return -1;
+					continue;
 				}
 				options->auth_xform.auth.digest_length =
 							options->digest_size;
-- 
2.14.4

[PATCH v2 3/5] examples/l2fwd-crypto: separate IV check from xform setting

[Pablo de Lara]

IV_param_check() function was checking if the IV size provided
was supported by device and setting the IV size in the xform
structure.

Instead of this, the function should only do the parameter check
and outside the IV size on the xform is set.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 examples/l2fwd-crypto/main.c | 63 +++++++++++++++++++++++++++++++++-----------
 1 file changed, 48 insertions(+), 15 deletions(-)

diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index e334b9bd0..15f6b856f 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -1931,21 +1931,19 @@ check_supported_size(uint16_t length, uint16_t min, uint16_t max,
 static int
 check_iv_param(const struct rte_crypto_param_range *iv_range_size,
 		unsigned int iv_param, int iv_random_size,
-		uint16_t *iv_length)
+		uint16_t iv_length)
 {
 	/*
 	 * Check if length of provided IV is supported
 	 * by the algorithm chosen.
 	 */
 	if (iv_param) {
-		if (check_supported_size(*iv_length,
+		if (check_supported_size(iv_length,
 				iv_range_size->min,
 				iv_range_size->max,
 				iv_range_size->increment)
-					!= 0) {
-			printf("Unsupported IV length\n");
+					!= 0)
 			return -1;
-		}
 	/*
 	 * Check if length of IV to be randomly generated
 	 * is supported by the algorithm chosen.
@@ -1955,14 +1953,9 @@ check_iv_param(const struct rte_crypto_param_range *iv_range_size,
 				iv_range_size->min,
 				iv_range_size->max,
 				iv_range_size->increment)
-					!= 0) {
-			printf("Unsupported IV length\n");
+					!= 0)
 			return -1;
-		}
-		*iv_length = iv_random_size;
-	/* No size provided, use minimum size. */
-	} else
-		*iv_length = iv_range_size->min;
+	}
 
 	return 0;
 }
@@ -2069,8 +2062,21 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 			if (check_iv_param(&cap->sym.aead.iv_size,
 					options->aead_iv_param,
 					options->aead_iv_random_size,
-					&options->aead_iv.length) < 0)
+					options->aead_iv.length) < 0) {
+				printf("Unsupported IV length\n");
 				continue;
+			}
+
+			/* Set IV if not provided from command line */
+			if (options->aead_iv_param == 0) {
+				if (options->aead_iv_random_size != -1)
+					options->aead_iv.length =
+						options->aead_iv_random_size;
+				/* No size provided, use minimum size. */
+				else
+					options->aead_iv.length =
+						cap->sym.aead.iv_size.min;
+			}
 
 			/*
 			 * Check if length of provided AEAD key is supported
@@ -2178,8 +2184,21 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 			if (check_iv_param(&cap->sym.cipher.iv_size,
 					options->cipher_iv_param,
 					options->cipher_iv_random_size,
-					&options->cipher_iv.length) < 0)
+					options->cipher_iv.length) < 0) {
+				printf("Unsupported IV length\n");
 				continue;
+			}
+
+			/* Set IV if not provided from command line */
+			if (options->cipher_iv_param == 0) {
+				if (options->cipher_iv_random_size != -1)
+					options->cipher_iv.length =
+						options->cipher_iv_random_size;
+				/* No size provided, use minimum size. */
+				else
+					options->cipher_iv.length =
+						cap->sym.cipher.iv_size.min;
+			}
 
 			/*
 			 * Check if length of provided cipher key is supported
@@ -2235,8 +2254,22 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 			if (check_iv_param(&cap->sym.auth.iv_size,
 					options->auth_iv_param,
 					options->auth_iv_random_size,
-					&options->auth_iv.length) < 0)
+					options->auth_iv.length) < 0) {
+				printf("Unsupported IV length\n");
 				continue;
+			}
+
+			/* Set IV if not provided from command line */
+			if (options->auth_iv_param == 0) {
+				if (options->auth_iv_random_size != -1)
+					options->auth_iv.length =
+						options->auth_iv_random_size;
+				/* No size provided, use minimum size. */
+				else
+					options->auth_iv.length =
+						cap->sym.auth.iv_size.min;
+			}
+
 			/*
 			 * Check if length of provided auth key is supported
 			 * by the algorithm chosen.
-- 
2.14.4

[PATCH v2 4/5] examples/l2fwd-crypto: fix session mempool size

[Pablo de Lara]

The session mempool size for this application depends
on the number of crypto devices that are capable
of performing the operation given by the parameters on the app.

However, previously this calculation was done before all devices
were checked, resulting in an incorrect number of sessions
required.

Now the calculation of the devices to be used is done first
(checking the capabilities of the enabled devices),
followed by the creation of the session pool, resulting
in a correct number of objects needed for the sessions
to be created.

Fixes: e3bcb99a5e13 ("examples/l2fwd-crypto: limit number of sessions")

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 examples/l2fwd-crypto/main.c | 272 +++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 260 insertions(+), 12 deletions(-)

diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index 15f6b856f..273c852f1 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -1960,11 +1960,252 @@ check_iv_param(const struct rte_crypto_param_range *iv_range_size,
 	return 0;
 }
 
+static int
+check_capabilities(struct l2fwd_crypto_options *options, uint8_t cdev_id)
+{
+	struct rte_cryptodev_info dev_info;
+	const struct rte_cryptodev_capabilities *cap;
+
+	rte_cryptodev_info_get(cdev_id, &dev_info);
+
+	/* Set AEAD parameters */
+	if (options->xform_chain == L2FWD_CRYPTO_AEAD) {
+		/* Check if device supports AEAD algo */
+		cap = check_device_support_aead_algo(options, &dev_info,
+						cdev_id);
+		if (cap == NULL)
+			return -1;
+
+		if (check_iv_param(&cap->sym.aead.iv_size,
+				options->aead_iv_param,
+				options->aead_iv_random_size,
+				options->aead_iv.length) != 0) {
+			RTE_LOG(DEBUG, USER1,
+				"Device %u does not support IV length\n",
+				cdev_id);
+			return -1;
+		}
+
+		/*
+		 * Check if length of provided AEAD key is supported
+		 * by the algorithm chosen.
+		 */
+		if (options->aead_key_param) {
+			if (check_supported_size(
+					options->aead_xform.aead.key.length,
+					cap->sym.aead.key_size.min,
+					cap->sym.aead.key_size.max,
+					cap->sym.aead.key_size.increment)
+						!= 0) {
+				RTE_LOG(DEBUG, USER1,
+					"Device %u does not support "
+					"AEAD key length\n",
+					cdev_id);
+				return -1;
+			}
+		/*
+		 * Check if length of the aead key to be randomly generated
+		 * is supported by the algorithm chosen.
+		 */
+		} else if (options->aead_key_random_size != -1) {
+			if (check_supported_size(options->aead_key_random_size,
+					cap->sym.aead.key_size.min,
+					cap->sym.aead.key_size.max,
+					cap->sym.aead.key_size.increment)
+						!= 0) {
+				RTE_LOG(DEBUG, USER1,
+					"Device %u does not support "
+					"AEAD key length\n",
+					cdev_id);
+				return -1;
+			}
+		}
+
+
+		/*
+		 * Check if length of provided AAD is supported
+		 * by the algorithm chosen.
+		 */
+		if (options->aad_param) {
+			if (check_supported_size(options->aad.length,
+					cap->sym.aead.aad_size.min,
+					cap->sym.aead.aad_size.max,
+					cap->sym.aead.aad_size.increment)
+						!= 0) {
+				RTE_LOG(DEBUG, USER1,
+					"Device %u does not support "
+					"AAD length\n",
+					cdev_id);
+				return -1;
+			}
+		/*
+		 * Check if length of AAD to be randomly generated
+		 * is supported by the algorithm chosen.
+		 */
+		} else if (options->aad_random_size != -1) {
+			if (check_supported_size(options->aad_random_size,
+					cap->sym.aead.aad_size.min,
+					cap->sym.aead.aad_size.max,
+					cap->sym.aead.aad_size.increment)
+						!= 0) {
+				RTE_LOG(DEBUG, USER1,
+					"Device %u does not support "
+					"AAD length\n",
+					cdev_id);
+				return -1;
+			}
+		}
+
+		/* Check if digest size is supported by the algorithm. */
+		if (options->digest_size != -1) {
+			if (check_supported_size(options->digest_size,
+					cap->sym.aead.digest_size.min,
+					cap->sym.aead.digest_size.max,
+					cap->sym.aead.digest_size.increment)
+						!= 0) {
+				RTE_LOG(DEBUG, USER1,
+					"Device %u does not support "
+					"digest length\n",
+					cdev_id);
+				return -1;
+			}
+		}
+	}
+
+	/* Set cipher parameters */
+	if (options->xform_chain == L2FWD_CRYPTO_CIPHER_HASH ||
+			options->xform_chain == L2FWD_CRYPTO_HASH_CIPHER ||
+			options->xform_chain == L2FWD_CRYPTO_CIPHER_ONLY) {
+		/* Check if device supports cipher algo */
+		cap = check_device_support_cipher_algo(options, &dev_info,
+						cdev_id);
+		if (cap == NULL)
+			return -1;
+
+		if (check_iv_param(&cap->sym.cipher.iv_size,
+				options->cipher_iv_param,
+				options->cipher_iv_random_size,
+				options->cipher_iv.length) != 0) {
+			RTE_LOG(DEBUG, USER1,
+				"Device %u does not support IV length\n",
+				cdev_id);
+			return -1;
+		}
+
+		/*
+		 * Check if length of provided cipher key is supported
+		 * by the algorithm chosen.
+		 */
+		if (options->ckey_param) {
+			if (check_supported_size(
+					options->cipher_xform.cipher.key.length,
+					cap->sym.cipher.key_size.min,
+					cap->sym.cipher.key_size.max,
+					cap->sym.cipher.key_size.increment)
+						!= 0) {
+				RTE_LOG(DEBUG, USER1,
+					"Device %u does not support cipher "
+					"key length\n",
+					cdev_id);
+				return -1;
+			}
+		/*
+		 * Check if length of the cipher key to be randomly generated
+		 * is supported by the algorithm chosen.
+		 */
+		} else if (options->ckey_random_size != -1) {
+			if (check_supported_size(options->ckey_random_size,
+					cap->sym.cipher.key_size.min,
+					cap->sym.cipher.key_size.max,
+					cap->sym.cipher.key_size.increment)
+						!= 0) {
+				RTE_LOG(DEBUG, USER1,
+					"Device %u does not support cipher "
+					"key length\n",
+					cdev_id);
+				return -1;
+			}
+		}
+	}
+
+	/* Set auth parameters */
+	if (options->xform_chain == L2FWD_CRYPTO_CIPHER_HASH ||
+			options->xform_chain == L2FWD_CRYPTO_HASH_CIPHER ||
+			options->xform_chain == L2FWD_CRYPTO_HASH_ONLY) {
+		/* Check if device supports auth algo */
+		cap = check_device_support_auth_algo(options, &dev_info,
+						cdev_id);
+		if (cap == NULL)
+			return -1;
+
+		if (check_iv_param(&cap->sym.auth.iv_size,
+				options->auth_iv_param,
+				options->auth_iv_random_size,
+				options->auth_iv.length) != 0) {
+			RTE_LOG(DEBUG, USER1,
+				"Device %u does not support IV length\n",
+				cdev_id);
+			return -1;
+		}
+		/*
+		 * Check if length of provided auth key is supported
+		 * by the algorithm chosen.
+		 */
+		if (options->akey_param) {
+			if (check_supported_size(
+					options->auth_xform.auth.key.length,
+					cap->sym.auth.key_size.min,
+					cap->sym.auth.key_size.max,
+					cap->sym.auth.key_size.increment)
+						!= 0) {
+				RTE_LOG(DEBUG, USER1,
+					"Device %u does not support auth "
+					"key length\n",
+					cdev_id);
+				return -1;
+			}
+		/*
+		 * Check if length of the auth key to be randomly generated
+		 * is supported by the algorithm chosen.
+		 */
+		} else if (options->akey_random_size != -1) {
+			if (check_supported_size(options->akey_random_size,
+					cap->sym.auth.key_size.min,
+					cap->sym.auth.key_size.max,
+					cap->sym.auth.key_size.increment)
+						!= 0) {
+				RTE_LOG(DEBUG, USER1,
+					"Device %u does not support auth "
+					"key length\n",
+					cdev_id);
+				return -1;
+			}
+		}
+
+		/* Check if digest size is supported by the algorithm. */
+		if (options->digest_size != -1) {
+			if (check_supported_size(options->digest_size,
+					cap->sym.auth.digest_size.min,
+					cap->sym.auth.digest_size.max,
+					cap->sym.auth.digest_size.increment)
+						!= 0) {
+				RTE_LOG(DEBUG, USER1,
+					"Device %u does not support "
+					"digest length\n",
+					cdev_id);
+				return -1;
+			}
+		}
+	}
+
+	return 0;
+}
+
 static int
 initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 		uint8_t *enabled_cdevs)
 {
-	unsigned int cdev_id, cdev_count, enabled_cdev_count = 0;
+	uint8_t cdev_id, cdev_count, enabled_cdev_count = 0;
 	const struct rte_cryptodev_capabilities *cap;
 	unsigned int sess_sz, max_sess_sz = 0;
 	uint32_t sessions_needed = 0;
@@ -1976,16 +2217,31 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 		return -1;
 	}
 
-	for (cdev_id = 0; cdev_id < cdev_count; cdev_id++) {
+	for (cdev_id = 0; cdev_id < cdev_count && enabled_cdev_count < nb_ports;
+			cdev_id++) {
 		sess_sz = rte_cryptodev_sym_get_private_session_size(cdev_id);
 		if (sess_sz > max_sess_sz)
 			max_sess_sz = sess_sz;
+
+		if (check_cryptodev_mask(options, cdev_id) < 0)
+			continue;
+
+		if (check_capabilities(options, cdev_id) < 0)
+			continue;
+
+		l2fwd_enabled_crypto_mask |= (((uint64_t)1) << cdev_id);
+
+		enabled_cdevs[cdev_id] = 1;
+		enabled_cdev_count++;
 	}
 
-	for (cdev_id = 0; cdev_id < cdev_count && enabled_cdev_count < nb_ports;
-			cdev_id++) {
+	for (cdev_id = 0; cdev_id < cdev_count; cdev_id++) {
 		struct rte_cryptodev_qp_conf qp_conf;
 		struct rte_cryptodev_info dev_info;
+
+		if (enabled_cdevs[cdev_id] == 0)
+			continue;
+
 		retval = rte_cryptodev_socket_id(cdev_id);
 
 		if (retval < 0) {
@@ -2000,9 +2256,6 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 			.socket_id = socket_id,
 		};
 
-		if (check_cryptodev_mask(options, (uint8_t)cdev_id))
-			continue;
-
 		rte_cryptodev_info_get(cdev_id, &dev_info);
 
 		/*
@@ -2349,11 +2602,6 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 					cdev_id, retval);
 			return -1;
 		}
-
-		l2fwd_enabled_crypto_mask |= (((uint64_t)1) << cdev_id);
-
-		enabled_cdevs[cdev_id] = 1;
-		enabled_cdev_count++;
 	}
 
 	return enabled_cdev_count;
-- 
2.14.4

[PATCH v2 5/5] examples/l2fwd-crypto: remove duplicated capability check

[Pablo de Lara]

Now that device capabilities are checked separately,
before setting the xform parameters, it is not required
to do the check again, leaving only the xform setting
with the device configuration.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 examples/l2fwd-crypto/main.c | 233 +++++++++----------------------------------
 1 file changed, 45 insertions(+), 188 deletions(-)

diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index 273c852f1..ef3302545 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -2304,22 +2304,11 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 
 		/* Set AEAD parameters */
 		if (options->xform_chain == L2FWD_CRYPTO_AEAD) {
-			/* Check if device supports AEAD algo */
 			cap = check_device_support_aead_algo(options, &dev_info,
 							cdev_id);
-			if (cap == NULL)
-				continue;
 
 			options->block_size = cap->sym.aead.block_size;
 
-			if (check_iv_param(&cap->sym.aead.iv_size,
-					options->aead_iv_param,
-					options->aead_iv_random_size,
-					options->aead_iv.length) < 0) {
-				printf("Unsupported IV length\n");
-				continue;
-			}
-
 			/* Set IV if not provided from command line */
 			if (options->aead_iv_param == 0) {
 				if (options->aead_iv_random_size != -1)
@@ -2331,93 +2320,41 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 						cap->sym.aead.iv_size.min;
 			}
 
-			/*
-			 * Check if length of provided AEAD key is supported
-			 * by the algorithm chosen.
-			 */
-			if (options->aead_key_param) {
-				if (check_supported_size(
-						options->aead_xform.aead.key.length,
-						cap->sym.aead.key_size.min,
-						cap->sym.aead.key_size.max,
-						cap->sym.aead.key_size.increment)
-							!= 0) {
-					printf("Unsupported aead key length\n");
-					continue;
-				}
-			/*
-			 * Check if length of the aead key to be randomly generated
-			 * is supported by the algorithm chosen.
-			 */
-			} else if (options->aead_key_random_size != -1) {
-				if (check_supported_size(options->aead_key_random_size,
-						cap->sym.aead.key_size.min,
-						cap->sym.aead.key_size.max,
-						cap->sym.aead.key_size.increment)
-							!= 0) {
-					printf("Unsupported aead key length\n");
-					continue;
-				}
-				options->aead_xform.aead.key.length =
-							options->aead_key_random_size;
-			/* No size provided, use minimum size. */
-			} else
-				options->aead_xform.aead.key.length =
+			/* Set key if not provided from command line */
+			if (options->aead_key_param == 0) {
+				if (options->aead_key_random_size != -1)
+					options->aead_xform.aead.key.length =
+						options->aead_key_random_size;
+				/* No size provided, use minimum size. */
+				else
+					options->aead_xform.aead.key.length =
 						cap->sym.aead.key_size.min;
 
-			if (!options->aead_key_param)
 				generate_random_key(
 					options->aead_xform.aead.key.data,
 					options->aead_xform.aead.key.length);
+			}
 
-			/*
-			 * Check if length of provided AAD is supported
-			 * by the algorithm chosen.
-			 */
-			if (options->aad_param) {
-				if (check_supported_size(options->aad.length,
-						cap->sym.aead.aad_size.min,
-						cap->sym.aead.aad_size.max,
-						cap->sym.aead.aad_size.increment)
-							!= 0) {
-					printf("Unsupported AAD length\n");
-					continue;
-				}
-			/*
-			 * Check if length of AAD to be randomly generated
-			 * is supported by the algorithm chosen.
-			 */
-			} else if (options->aad_random_size != -1) {
-				if (check_supported_size(options->aad_random_size,
-						cap->sym.aead.aad_size.min,
-						cap->sym.aead.aad_size.max,
-						cap->sym.aead.aad_size.increment)
-							!= 0) {
-					printf("Unsupported AAD length\n");
-					continue;
-				}
-				options->aad.length = options->aad_random_size;
-			/* No size provided, use minimum size. */
-			} else
-				options->aad.length = cap->sym.auth.aad_size.min;
+			/* Set AAD if not provided from command line */
+			if (options->aad_param == 0) {
+				if (options->aad_random_size != -1)
+					options->aad.length =
+						options->aad_random_size;
+				/* No size provided, use minimum size. */
+				else
+					options->aad.length =
+						cap->sym.auth.aad_size.min;
+			}
 
 			options->aead_xform.aead.aad_length =
 						options->aad.length;
 
-			/* Check if digest size is supported by the algorithm. */
-			if (options->digest_size != -1) {
-				if (check_supported_size(options->digest_size,
-						cap->sym.aead.digest_size.min,
-						cap->sym.aead.digest_size.max,
-						cap->sym.aead.digest_size.increment)
-							!= 0) {
-					printf("Unsupported digest length\n");
-					continue;
-				}
+			/* Set digest size if not provided from command line */
+			if (options->digest_size != -1)
 				options->aead_xform.aead.digest_length =
 							options->digest_size;
-			/* No size provided, use minimum size. */
-			} else
+				/* No size provided, use minimum size. */
+			else
 				options->aead_xform.aead.digest_length =
 						cap->sym.aead.digest_size.min;
 		}
@@ -2426,22 +2363,10 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 		if (options->xform_chain == L2FWD_CRYPTO_CIPHER_HASH ||
 				options->xform_chain == L2FWD_CRYPTO_HASH_CIPHER ||
 				options->xform_chain == L2FWD_CRYPTO_CIPHER_ONLY) {
-			/* Check if device supports cipher algo */
 			cap = check_device_support_cipher_algo(options, &dev_info,
 							cdev_id);
-			if (cap == NULL)
-				continue;
-
 			options->block_size = cap->sym.cipher.block_size;
 
-			if (check_iv_param(&cap->sym.cipher.iv_size,
-					options->cipher_iv_param,
-					options->cipher_iv_random_size,
-					options->cipher_iv.length) < 0) {
-				printf("Unsupported IV length\n");
-				continue;
-			}
-
 			/* Set IV if not provided from command line */
 			if (options->cipher_iv_param == 0) {
 				if (options->cipher_iv_random_size != -1)
@@ -2453,64 +2378,28 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 						cap->sym.cipher.iv_size.min;
 			}
 
-			/*
-			 * Check if length of provided cipher key is supported
-			 * by the algorithm chosen.
-			 */
-			if (options->ckey_param) {
-				if (check_supported_size(
-						options->cipher_xform.cipher.key.length,
-						cap->sym.cipher.key_size.min,
-						cap->sym.cipher.key_size.max,
-						cap->sym.cipher.key_size.increment)
-							!= 0) {
-					printf("Unsupported cipher key length\n");
-					continue;
-				}
-			/*
-			 * Check if length of the cipher key to be randomly generated
-			 * is supported by the algorithm chosen.
-			 */
-			} else if (options->ckey_random_size != -1) {
-				if (check_supported_size(options->ckey_random_size,
-						cap->sym.cipher.key_size.min,
-						cap->sym.cipher.key_size.max,
-						cap->sym.cipher.key_size.increment)
-							!= 0) {
-					printf("Unsupported cipher key length\n");
-					continue;
-				}
-				options->cipher_xform.cipher.key.length =
-							options->ckey_random_size;
-			/* No size provided, use minimum size. */
-			} else
-				options->cipher_xform.cipher.key.length =
+			/* Set key if not provided from command line */
+			if (options->ckey_param == 0) {
+				if (options->ckey_random_size != -1)
+					options->cipher_xform.cipher.key.length =
+						options->ckey_random_size;
+				/* No size provided, use minimum size. */
+				else
+					options->cipher_xform.cipher.key.length =
 						cap->sym.cipher.key_size.min;
 
-			if (!options->ckey_param)
 				generate_random_key(
 					options->cipher_xform.cipher.key.data,
 					options->cipher_xform.cipher.key.length);
-
+			}
 		}
 
 		/* Set auth parameters */
 		if (options->xform_chain == L2FWD_CRYPTO_CIPHER_HASH ||
 				options->xform_chain == L2FWD_CRYPTO_HASH_CIPHER ||
 				options->xform_chain == L2FWD_CRYPTO_HASH_ONLY) {
-			/* Check if device supports auth algo */
 			cap = check_device_support_auth_algo(options, &dev_info,
 							cdev_id);
-			if (cap == NULL)
-				continue;
-
-			if (check_iv_param(&cap->sym.auth.iv_size,
-					options->auth_iv_param,
-					options->auth_iv_random_size,
-					options->auth_iv.length) < 0) {
-				printf("Unsupported IV length\n");
-				continue;
-			}
 
 			/* Set IV if not provided from command line */
 			if (options->auth_iv_param == 0) {
@@ -2523,59 +2412,27 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned nb_ports,
 						cap->sym.auth.iv_size.min;
 			}
 
-			/*
-			 * Check if length of provided auth key is supported
-			 * by the algorithm chosen.
-			 */
-			if (options->akey_param) {
-				if (check_supported_size(
-						options->auth_xform.auth.key.length,
-						cap->sym.auth.key_size.min,
-						cap->sym.auth.key_size.max,
-						cap->sym.auth.key_size.increment)
-							!= 0) {
-					printf("Unsupported auth key length\n");
-					continue;
-				}
-			/*
-			 * Check if length of the auth key to be randomly generated
-			 * is supported by the algorithm chosen.
-			 */
-			} else if (options->akey_random_size != -1) {
-				if (check_supported_size(options->akey_random_size,
-						cap->sym.auth.key_size.min,
-						cap->sym.auth.key_size.max,
-						cap->sym.auth.key_size.increment)
-							!= 0) {
-					printf("Unsupported auth key length\n");
-					continue;
-				}
-				options->auth_xform.auth.key.length =
-							options->akey_random_size;
-			/* No size provided, use minimum size. */
-			} else
-				options->auth_xform.auth.key.length =
+			/* Set key if not provided from command line */
+			if (options->akey_param == 0) {
+				if (options->akey_random_size != -1)
+					options->auth_xform.auth.key.length =
+						options->akey_random_size;
+				/* No size provided, use minimum size. */
+				else
+					options->auth_xform.auth.key.length =
 						cap->sym.auth.key_size.min;
 
-			if (!options->akey_param)
 				generate_random_key(
 					options->auth_xform.auth.key.data,
 					options->auth_xform.auth.key.length);
+			}
 
-			/* Check if digest size is supported by the algorithm. */
-			if (options->digest_size != -1) {
-				if (check_supported_size(options->digest_size,
-						cap->sym.auth.digest_size.min,
-						cap->sym.auth.digest_size.max,
-						cap->sym.auth.digest_size.increment)
-							!= 0) {
-					printf("Unsupported digest length\n");
-					continue;
-				}
+			/* Set digest size if not provided from command line */
+			if (options->digest_size != -1)
 				options->auth_xform.auth.digest_length =
 							options->digest_size;
-			/* No size provided, use minimum size. */
-			} else
+				/* No size provided, use minimum size. */
+			else
 				options->auth_xform.auth.digest_length =
 						cap->sym.auth.digest_size.min;
 		}
-- 
2.14.4

Re: [PATCH v2 4/5] examples/l2fwd-crypto: fix session mempool size

[Trahe, Fiona]

Hi Pablo,

> -----Original Message-----
> From: De Lara Guarch, Pablo
> Sent: Thursday, July 19, 2018 9:40 AM
> To: Doherty, Declan <declan.doherty@intel.com>; Trahe, Fiona <fiona.trahe@intel.com>
> Cc: dev@dpdk.org; De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>
> Subject: [PATCH v2 4/5] examples/l2fwd-crypto: fix session mempool size
> 
> The session mempool size for this application depends
> on the number of crypto devices that are capable
> of performing the operation given by the parameters on the app.
> 
> However, previously this calculation was done before all devices
> were checked, resulting in an incorrect number of sessions
> required.
> 
> Now the calculation of the devices to be used is done first
> (checking the capabilities of the enabled devices),
> followed by the creation of the session pool, resulting
> in a correct number of objects needed for the sessions
> to be created.
> 
> Fixes: e3bcb99a5e13 ("examples/l2fwd-crypto: limit number of sessions")
> 
> Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
> ---
>  examples/l2fwd-crypto/main.c | 272 +++++++++++++++++++++++++++++++++++++++++--
>  1 file changed, 260 insertions(+), 12 deletions(-)
> 
> diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c


//snip//

> @@ -1976,16 +2217,31 @@ initialize_cryptodevs(struct l2fwd_crypto_options *options, unsigned
> nb_ports,
>  		return -1;
>  	}
> 
> -	for (cdev_id = 0; cdev_id < cdev_count; cdev_id++) {
> +	for (cdev_id = 0; cdev_id < cdev_count && enabled_cdev_count < nb_ports;
> +			cdev_id++) {
>  		sess_sz = rte_cryptodev_sym_get_private_session_size(cdev_id);
>  		if (sess_sz > max_sess_sz)
>  			max_sess_sz = sess_sz;

> +
> +		if (check_cryptodev_mask(options, cdev_id) < 0)
> +			continue;
> +
> +		if (check_capabilities(options, cdev_id) < 0)
> +			continue;
> +
> +		l2fwd_enabled_crypto_mask |= (((uint64_t)1) << cdev_id);
> +
> +		enabled_cdevs[cdev_id] = 1;
> +		enabled_cdev_count++;
>  	}
[Fiona] It would be better to move the sess_sz assignment down to after the capabilities check.
Apart from this 
Acked-by: Fiona Trahe <fiona.trahe@intel.com> 

Re: [PATCH v2 0/5] L2fwd-crypto fixes

[Trahe, Fiona]

Hi Pablo,

> -----Original Message-----
> From: De Lara Guarch, Pablo
> Sent: Thursday, July 19, 2018 9:40 AM
> To: Doherty, Declan <declan.doherty@intel.com>; Trahe, Fiona <fiona.trahe@intel.com>
> Cc: dev@dpdk.org; De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>
> Subject: [PATCH v2 0/5] L2fwd-crypto fixes
> 
> v2 changes:
> - Split patch into multiple patches for better review
> - First two patches are fixes for previous releases
> 
> Pablo de Lara (5):
>   examples/l2fwd-crypto: check return value on IV size check
>   examples/l2fwd-crypto: skip device not supporting operation
>   examples/l2fwd-crypto: separate IV check from xform setting
>   examples/l2fwd-crypto: fix session mempool size
>   examples/l2fwd-crypto: remove duplicated capability check
> 
>  examples/l2fwd-crypto/main.c | 539 +++++++++++++++++++++++++++----------------
>  1 file changed, 340 insertions(+), 199 deletions(-)
> 
> --
> 2.14.4
One minor comment in patch 4, apart from that 
Series-acked-by: Fiona Trahe <fiona.trahe@intel.com>

Re: [PATCH v2 0/5] L2fwd-crypto fixes

[De Lara Guarch, Pablo]

Hi Fiona,

> -----Original Message-----
> From: Trahe, Fiona
> Sent: Friday, July 20, 2018 10:02 AM
> To: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>; Doherty, Declan
> <declan.doherty@intel.com>
> Cc: dev@dpdk.org; Trahe, Fiona <fiona.trahe@intel.com>
> Subject: RE: [PATCH v2 0/5] L2fwd-crypto fixes
> 
> Hi Pablo,
> 
> > -----Original Message-----
> > From: De Lara Guarch, Pablo
> > Sent: Thursday, July 19, 2018 9:40 AM
> > To: Doherty, Declan <declan.doherty@intel.com>; Trahe, Fiona
> <fiona.trahe@intel.com>
> > Cc: dev@dpdk.org; De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>
> > Subject: [PATCH v2 0/5] L2fwd-crypto fixes
> >
> > v2 changes:
> > - Split patch into multiple patches for better review
> > - First two patches are fixes for previous releases
> >
> > Pablo de Lara (5):
> >   examples/l2fwd-crypto: check return value on IV size check
> >   examples/l2fwd-crypto: skip device not supporting operation
> >   examples/l2fwd-crypto: separate IV check from xform setting
> >   examples/l2fwd-crypto: fix session mempool size
> >   examples/l2fwd-crypto: remove duplicated capability check
> >
> >  examples/l2fwd-crypto/main.c | 539 +++++++++++++++++++++++++++---------
> -------
> >  1 file changed, 340 insertions(+), 199 deletions(-)
> >
> > --
> > 2.14.4
> One minor comment in patch 4, apart from that
> Series-acked-by: Fiona Trahe <fiona.trahe@intel.com>

Thanks for the review. I will make that change on the fly when applying the patchset,
as it is a minor change, to avoid spam.

Re: [PATCH v2 0/5] L2fwd-crypto fixes

[De Lara Guarch, Pablo]

> -----Original Message-----
> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of De Lara Guarch, Pablo
> Sent: Friday, July 20, 2018 11:41 AM
> To: Trahe, Fiona <fiona.trahe@intel.com>; Doherty, Declan
> <declan.doherty@intel.com>
> Cc: dev@dpdk.org
> Subject: Re: [dpdk-dev] [PATCH v2 0/5] L2fwd-crypto fixes
> 
> Hi Fiona,
> 
> > -----Original Message-----
> > From: Trahe, Fiona
> > Sent: Friday, July 20, 2018 10:02 AM
> > To: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>; Doherty,
> > Declan <declan.doherty@intel.com>
> > Cc: dev@dpdk.org; Trahe, Fiona <fiona.trahe@intel.com>
> > Subject: RE: [PATCH v2 0/5] L2fwd-crypto fixes
> >
> > Hi Pablo,
> >
> > > -----Original Message-----
> > > From: De Lara Guarch, Pablo
> > > Sent: Thursday, July 19, 2018 9:40 AM
> > > To: Doherty, Declan <declan.doherty@intel.com>; Trahe, Fiona
> > <fiona.trahe@intel.com>
> > > Cc: dev@dpdk.org; De Lara Guarch, Pablo
> > > <pablo.de.lara.guarch@intel.com>
> > > Subject: [PATCH v2 0/5] L2fwd-crypto fixes
> > >
> > > v2 changes:
> > > - Split patch into multiple patches for better review
> > > - First two patches are fixes for previous releases
> > >
> > > Pablo de Lara (5):
> > >   examples/l2fwd-crypto: check return value on IV size check
> > >   examples/l2fwd-crypto: skip device not supporting operation
> > >   examples/l2fwd-crypto: separate IV check from xform setting
> > >   examples/l2fwd-crypto: fix session mempool size
> > >   examples/l2fwd-crypto: remove duplicated capability check
> > >
> > >  examples/l2fwd-crypto/main.c | 539
> > > +++++++++++++++++++++++++++---------
> > -------
> > >  1 file changed, 340 insertions(+), 199 deletions(-)
> > >
> > > --
> > > 2.14.4
> > One minor comment in patch 4, apart from that
> > Series-acked-by: Fiona Trahe <fiona.trahe@intel.com>
> 
> Thanks for the review. I will make that change on the fly when applying the
> patchset, as it is a minor change, to avoid spam.

Series applied to dpdk-next-crypto, with change requested.

Pablo