From: Fan Zhang <roy.fan.zhang@intel.com>
To: dev@dpdk.org
Cc: konstantin.ananyev@intel.com, declan.doherty@intel.com,
akhil.goyal@nxp.com, Fan Zhang <roy.fan.zhang@intel.com>
Subject: [dpdk-dev] [PATCH v2 01/10] security: introduce CPU Crypto action type and API
Date: Mon, 7 Oct 2019 17:28:41 +0100 [thread overview]
Message-ID: <20191007162850.60552-2-roy.fan.zhang@intel.com> (raw)
In-Reply-To: <20191007162850.60552-1-roy.fan.zhang@intel.com>
This patch introduce new RTE_SECURITY_ACTION_TYPE_CPU_CRYPTO action type to
security library. The type represents performing crypto operation with CPU
cycles. The patch also includes a new API to process crypto operations in
bulk and the function pointers for PMDs.
Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
---
lib/librte_security/rte_security.c | 11 ++++++
lib/librte_security/rte_security.h | 53 +++++++++++++++++++++++++++-
lib/librte_security/rte_security_driver.h | 22 ++++++++++++
lib/librte_security/rte_security_version.map | 1 +
4 files changed, 86 insertions(+), 1 deletion(-)
diff --git a/lib/librte_security/rte_security.c b/lib/librte_security/rte_security.c
index bc81ce15d..cdd1ee6af 100644
--- a/lib/librte_security/rte_security.c
+++ b/lib/librte_security/rte_security.c
@@ -141,3 +141,14 @@ rte_security_capability_get(struct rte_security_ctx *instance,
return NULL;
}
+
+int
+rte_security_process_cpu_crypto_bulk(struct rte_security_ctx *instance,
+ struct rte_security_session *sess,
+ struct rte_security_vec buf[], void *iv[], void *aad[],
+ void *digest[], int status[], uint32_t num)
+{
+ RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->process_cpu_crypto_bulk, -1);
+ return instance->ops->process_cpu_crypto_bulk(sess, buf, iv,
+ aad, digest, status, num);
+}
diff --git a/lib/librte_security/rte_security.h b/lib/librte_security/rte_security.h
index aaafdfcd7..0caf5d697 100644
--- a/lib/librte_security/rte_security.h
+++ b/lib/librte_security/rte_security.h
@@ -18,6 +18,7 @@ extern "C" {
#endif
#include <sys/types.h>
+#include <sys/uio.h>
#include <netinet/in.h>
#include <netinet/ip.h>
@@ -289,6 +290,20 @@ struct rte_security_pdcp_xform {
uint32_t hfn_ovrd;
};
+struct rte_security_cpu_crypto_xform {
+ /** For cipher/authentication crypto operation the authentication may
+ * cover more content then the cipher. E.g., for IPSec ESP encryption
+ * with AES-CBC and SHA1-HMAC, the encryption happens after the ESP
+ * header but whole packet (apart from MAC header) is authenticated.
+ * The cipher_offset field is used to deduct the cipher data pointer
+ * from the buffer to be processed.
+ *
+ * NOTE this parameter shall be ignored by AEAD algorithms, since it
+ * uses the same offset for cipher and authentication.
+ */
+ int32_t cipher_offset;
+};
+
/**
* Security session action type.
*/
@@ -303,10 +318,14 @@ enum rte_security_session_action_type {
/**< All security protocol processing is performed inline during
* transmission
*/
- RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL
+ RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
/**< All security protocol processing including crypto is performed
* on a lookaside accelerator
*/
+ RTE_SECURITY_ACTION_TYPE_CPU_CRYPTO
+ /**< Crypto processing for security protocol is processed by CPU
+ * synchronously
+ */
};
/** Security session protocol definition */
@@ -332,6 +351,7 @@ struct rte_security_session_conf {
struct rte_security_ipsec_xform ipsec;
struct rte_security_macsec_xform macsec;
struct rte_security_pdcp_xform pdcp;
+ struct rte_security_cpu_crypto_xform cpucrypto;
};
/**< Configuration parameters for security session */
struct rte_crypto_sym_xform *crypto_xform;
@@ -665,6 +685,37 @@ const struct rte_security_capability *
rte_security_capability_get(struct rte_security_ctx *instance,
struct rte_security_capability_idx *idx);
+/**
+ * Security vector structure, contains pointer to vector array and the length
+ * of the array
+ */
+struct rte_security_vec {
+ struct iovec *vec;
+ uint32_t num;
+};
+
+/**
+ * Processing bulk crypto workload with CPU
+ *
+ * @param instance security instance.
+ * @param sess security session
+ * @param buf array of buffer SGL vectors
+ * @param iv array of IV pointers
+ * @param aad array of AAD pointers
+ * @param digest array of digest pointers
+ * @param status array of status for the function to return
+ * @param num number of elements in each array
+ * @return
+ * - On success, 0
+ * - On any failure, -1
+ */
+__rte_experimental
+int
+rte_security_process_cpu_crypto_bulk(struct rte_security_ctx *instance,
+ struct rte_security_session *sess,
+ struct rte_security_vec buf[], void *iv[], void *aad[],
+ void *digest[], int status[], uint32_t num);
+
#ifdef __cplusplus
}
#endif
diff --git a/lib/librte_security/rte_security_driver.h b/lib/librte_security/rte_security_driver.h
index 1b561f852..fe940fffa 100644
--- a/lib/librte_security/rte_security_driver.h
+++ b/lib/librte_security/rte_security_driver.h
@@ -132,6 +132,26 @@ typedef int (*security_get_userdata_t)(void *device,
typedef const struct rte_security_capability *(*security_capabilities_get_t)(
void *device);
+/**
+ * Process security operations in bulk using CPU accelerated method.
+ *
+ * @param sess Security session structure.
+ * @param buf Buffer to the vectors to be processed.
+ * @param iv IV pointers.
+ * @param aad AAD pointers.
+ * @param digest Digest pointers.
+ * @param status Array of status value.
+ * @param num Number of elements in each array.
+ * @return
+ * - On success, 0
+ * - On any failure, -1
+ */
+
+typedef int (*security_process_cpu_crypto_bulk_t)(
+ struct rte_security_session *sess,
+ struct rte_security_vec buf[], void *iv[], void *aad[],
+ void *digest[], int status[], uint32_t num);
+
/** Security operations function pointer table */
struct rte_security_ops {
security_session_create_t session_create;
@@ -150,6 +170,8 @@ struct rte_security_ops {
/**< Get userdata associated with session which processed the packet. */
security_capabilities_get_t capabilities_get;
/**< Get security capabilities. */
+ security_process_cpu_crypto_bulk_t process_cpu_crypto_bulk;
+ /**< Process data in bulk. */
};
#ifdef __cplusplus
diff --git a/lib/librte_security/rte_security_version.map b/lib/librte_security/rte_security_version.map
index 53267bf3c..2132e7a00 100644
--- a/lib/librte_security/rte_security_version.map
+++ b/lib/librte_security/rte_security_version.map
@@ -18,4 +18,5 @@ EXPERIMENTAL {
rte_security_get_userdata;
rte_security_session_stats_get;
rte_security_session_update;
+ rte_security_process_cpu_crypto_bulk;
};
--
2.14.5
next prev parent reply other threads:[~2019-10-07 16:29 UTC|newest]
Thread overview: 87+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-09-03 15:40 [dpdk-dev] [RFC PATCH 0/9] security: add software synchronous crypto process Fan Zhang
2019-09-03 15:40 ` [dpdk-dev] [RFC PATCH 1/9] security: introduce CPU Crypto action type and API Fan Zhang
2019-09-04 10:32 ` Akhil Goyal
2019-09-04 13:06 ` Zhang, Roy Fan
2019-09-06 9:01 ` Akhil Goyal
2019-09-06 13:12 ` Zhang, Roy Fan
2019-09-10 11:25 ` Akhil Goyal
2019-09-11 13:01 ` Ananyev, Konstantin
2019-09-06 13:27 ` Ananyev, Konstantin
2019-09-10 10:44 ` Akhil Goyal
2019-09-11 12:29 ` Ananyev, Konstantin
2019-09-12 14:12 ` Akhil Goyal
2019-09-16 14:53 ` Ananyev, Konstantin
2019-09-16 15:08 ` Ananyev, Konstantin
2019-09-17 6:02 ` Akhil Goyal
2019-09-18 7:44 ` Ananyev, Konstantin
2019-09-25 18:24 ` Ananyev, Konstantin
2019-09-27 9:26 ` Akhil Goyal
2019-09-30 12:22 ` Ananyev, Konstantin
2019-09-30 13:43 ` Akhil Goyal
2019-10-01 14:49 ` Ananyev, Konstantin
2019-10-03 13:24 ` Akhil Goyal
2019-10-07 12:53 ` Ananyev, Konstantin
2019-10-09 7:20 ` Akhil Goyal
2019-10-09 13:43 ` Ananyev, Konstantin
2019-10-11 13:23 ` Akhil Goyal
2019-10-13 23:07 ` Zhang, Roy Fan
2019-10-14 11:10 ` Ananyev, Konstantin
2019-10-15 15:02 ` Akhil Goyal
2019-10-16 13:04 ` Ananyev, Konstantin
2019-10-15 15:00 ` Akhil Goyal
2019-10-16 22:07 ` Ananyev, Konstantin
2019-10-17 12:49 ` Ananyev, Konstantin
2019-10-18 13:17 ` Akhil Goyal
2019-10-21 13:47 ` Ananyev, Konstantin
2019-10-22 13:31 ` Akhil Goyal
2019-10-22 17:44 ` Ananyev, Konstantin
2019-10-22 22:21 ` Ananyev, Konstantin
2019-10-23 10:05 ` Akhil Goyal
2019-10-30 14:23 ` Ananyev, Konstantin
2019-11-01 13:53 ` Akhil Goyal
2019-09-03 15:40 ` [dpdk-dev] [RFC PATCH 2/9] crypto/aesni_gcm: add rte_security handler Fan Zhang
2019-09-03 15:40 ` [dpdk-dev] [RFC PATCH 3/9] app/test: add security cpu crypto autotest Fan Zhang
2019-09-03 15:40 ` [dpdk-dev] [RFC PATCH 4/9] app/test: add security cpu crypto perftest Fan Zhang
2019-09-03 15:40 ` [dpdk-dev] [RFC PATCH 5/9] crypto/aesni_mb: add rte_security handler Fan Zhang
2019-09-03 15:40 ` [dpdk-dev] [RFC PATCH 6/9] app/test: add aesni_mb security cpu crypto autotest Fan Zhang
2019-09-03 15:40 ` [dpdk-dev] [RFC PATCH 7/9] app/test: add aesni_mb security cpu crypto perftest Fan Zhang
2019-09-03 15:40 ` [dpdk-dev] [RFC PATCH 8/9] ipsec: add rte_security cpu_crypto action support Fan Zhang
2019-09-03 15:40 ` [dpdk-dev] [RFC PATCH 9/9] examples/ipsec-secgw: add security " Fan Zhang
2019-09-06 13:13 ` [dpdk-dev] [PATCH 00/10] security: add software synchronous crypto process Fan Zhang
2019-09-06 13:13 ` [dpdk-dev] [PATCH 01/10] security: introduce CPU Crypto action type and API Fan Zhang
2019-09-18 12:45 ` Ananyev, Konstantin
2019-09-29 6:00 ` Hemant Agrawal
2019-09-29 16:59 ` Ananyev, Konstantin
2019-09-30 9:43 ` Hemant Agrawal
2019-10-01 15:27 ` Ananyev, Konstantin
2019-10-02 2:47 ` Hemant Agrawal
2019-09-06 13:13 ` [dpdk-dev] [PATCH 02/10] crypto/aesni_gcm: add rte_security handler Fan Zhang
2019-09-18 10:24 ` Ananyev, Konstantin
2019-09-06 13:13 ` [dpdk-dev] [PATCH 03/10] app/test: add security cpu crypto autotest Fan Zhang
2019-09-06 13:13 ` [dpdk-dev] [PATCH 04/10] app/test: add security cpu crypto perftest Fan Zhang
2019-09-06 13:13 ` [dpdk-dev] [PATCH 05/10] crypto/aesni_mb: add rte_security handler Fan Zhang
2019-09-18 15:20 ` Ananyev, Konstantin
2019-09-06 13:13 ` [dpdk-dev] [PATCH 06/10] app/test: add aesni_mb security cpu crypto autotest Fan Zhang
2019-09-06 13:13 ` [dpdk-dev] [PATCH 07/10] app/test: add aesni_mb security cpu crypto perftest Fan Zhang
2019-09-06 13:13 ` [dpdk-dev] [PATCH 08/10] ipsec: add rte_security cpu_crypto action support Fan Zhang
2019-09-26 23:20 ` Ananyev, Konstantin
2019-09-27 10:38 ` Ananyev, Konstantin
2019-09-06 13:13 ` [dpdk-dev] [PATCH 09/10] examples/ipsec-secgw: add security " Fan Zhang
2019-09-06 13:13 ` [dpdk-dev] [PATCH 10/10] doc: update security cpu process description Fan Zhang
2019-09-09 12:43 ` [dpdk-dev] [PATCH 00/10] security: add software synchronous crypto process Aaron Conole
2019-10-07 16:28 ` [dpdk-dev] [PATCH v2 " Fan Zhang
2019-10-07 16:28 ` Fan Zhang [this message]
2019-10-08 13:42 ` [dpdk-dev] [PATCH v2 01/10] security: introduce CPU Crypto action type and API Ananyev, Konstantin
2019-10-07 16:28 ` [dpdk-dev] [PATCH v2 02/10] crypto/aesni_gcm: add rte_security handler Fan Zhang
2019-10-08 13:44 ` Ananyev, Konstantin
2019-10-07 16:28 ` [dpdk-dev] [PATCH v2 03/10] app/test: add security cpu crypto autotest Fan Zhang
2019-10-07 16:28 ` [dpdk-dev] [PATCH v2 04/10] app/test: add security cpu crypto perftest Fan Zhang
2019-10-07 16:28 ` [dpdk-dev] [PATCH v2 05/10] crypto/aesni_mb: add rte_security handler Fan Zhang
2019-10-08 16:23 ` Ananyev, Konstantin
2019-10-09 8:29 ` Ananyev, Konstantin
2019-10-07 16:28 ` [dpdk-dev] [PATCH v2 06/10] app/test: add aesni_mb security cpu crypto autotest Fan Zhang
2019-10-07 16:28 ` [dpdk-dev] [PATCH v2 07/10] app/test: add aesni_mb security cpu crypto perftest Fan Zhang
2019-10-07 16:28 ` [dpdk-dev] [PATCH v2 08/10] ipsec: add rte_security cpu_crypto action support Fan Zhang
2019-10-08 23:28 ` Ananyev, Konstantin
2019-10-07 16:28 ` [dpdk-dev] [PATCH v2 09/10] examples/ipsec-secgw: add security " Fan Zhang
2019-10-07 16:28 ` [dpdk-dev] [PATCH v2 10/10] doc: update security cpu process description Fan Zhang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191007162850.60552-2-roy.fan.zhang@intel.com \
--to=roy.fan.zhang@intel.com \
--cc=akhil.goyal@nxp.com \
--cc=declan.doherty@intel.com \
--cc=dev@dpdk.org \
--cc=konstantin.ananyev@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.