From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Trahe, Fiona" Subject: Re: [PATCH v3 00/26] Crypto operation restructuring Date: Fri, 30 Jun 2017 13:23:12 +0000 Message-ID: <348A99DA5F5B7549AA880327E580B43589227B83@IRSMSX101.ger.corp.intel.com> References: <20170626102300.56637-1-pablo.de.lara.guarch@intel.com> <20170629113521.5560-1-pablo.de.lara.guarch@intel.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Cc: "dev@dpdk.org" To: "De Lara Guarch, Pablo" , "Doherty, Declan" , "zbigniew.bodek@caviumnetworks.com" , "jerin.jacob@caviumnetworks.com" , "akhil.goyal@nxp.com" , "hemant.agrawal@nxp.com" , "Griffin, John" , "Jain, Deepak K" Return-path: Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) by dpdk.org (Postfix) with ESMTP id 95D652BE1 for ; Fri, 30 Jun 2017 15:23:16 +0200 (CEST) In-Reply-To: <20170629113521.5560-1-pablo.de.lara.guarch@intel.com> Content-Language: en-US List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" > -----Original Message----- > From: De Lara Guarch, Pablo > Sent: Thursday, June 29, 2017 12:35 PM > To: Doherty, Declan ; zbigniew.bodek@caviumnetw= orks.com; > jerin.jacob@caviumnetworks.com; akhil.goyal@nxp.com; hemant.agrawal@nxp.c= om; Trahe, Fiona > ; Griffin, John ; Jain, De= epak K > > Cc: dev@dpdk.org; De Lara Guarch, Pablo > Subject: [PATCH v3 00/26] Crypto operation restructuring >=20 > This patchset attempts to correct and improve the current crypto operatio= n > (rte_crypto_op) and symmetric crypto operation (rte_crypto_sym_op) struct= ures, > shrinking their sizes to fit both structures into two 64-byte cache lines > (with extra space for the IV and other user data) as one of the goals. >=20 > It also introduces new AEAD algorithm specific parameters, > to simplify its setup with a single transform, instead of a concatenation > of a cipher and an authentication transform. >=20 > The following changes are made: >=20 > In rte_crypto_op: >=20 > - Moved session type (with session/sessionless) from symmetric op to cryp= to op, > as this could be used for other types >=20 > - Combined operation type, operation status and session type into a 64-bi= t flag (each one taking 1 byte), > instead of having enums taking 4 bytes each >=20 > - Removed opaque data from crypto operation, as private data can be alloc= ated > just after the symmetric (or other type) crypto operation >=20 > - Modified symmetric operation pointer to zero-array, as the symmetric op= should be always after the > crypto operation >=20 > - Removed unnecessary cache alignment >=20 > In rte_crypto_sym_xform: >=20 > - Added IV length and offset in sym_xform, so these will be fixed for all= the operations in a session >=20 > - Added a new AEAD transform >=20 > - Added IV for authentication and AEAD transforms >=20 > - Removed AAD length from authentication transform, as it is only used fo= r AEAD algorithms >=20 > In rte_crypto_sym_op: >=20 > - Removed IV parameters, which will be only in the session. >=20 > - Added AEAD specific parameters. >=20 > - Create union with the new AEAD parameters and the cipher/authentication= parameters, > as the three cannot be used at the same time >=20 > - Removed digest length from sym crypto op, so this length will be fixed = for all the operations in a > session >=20 > - Removed AAD length from sym crypto op, so this length will be fixed for= all operations in a session >=20 > - Removed AAD from authentication structure, as it is only used for AEAD = algorithms >=20 > - Added zero-array at the end of sym crypto op to be used to get extra al= located memory (IV + other > user data) >=20 >=20 > In terms of algorithm usage: >=20 > - AEAD algorithms (like AES-GCM) are set up only using the AEAD structure >=20 > - AES GMAC will be an authentication only algorithm, using the source buf= fer directly, instead of AAD > field >=20 > - Wireless algorithms (like SNOW3G) do not use AAD field for authenticati= on IV anymore, as this is > available now. >=20 >=20 > Finally, a comparison between the previous operation and the new operatio= n: >=20 > Previous rte_crypto_op (40 bytes) and rte_crypto_sym_op (114 bytes) struc= tures: >=20 > struct rte_crypto_op { > enum rte_crypto_op_type type; > enum rte_crypto_op_status status; > struct rte_mempool *mempool; > phys_addr_t phys_addr; > void *opaque_data; > union { > struct rte_crypto_sym_op *sym; > }; > } __rte_cache_aligned; >=20 > struct rte_crypto_sym_op { > struct rte_mbuf *m_src; > struct rte_mbuf *m_dst; >=20 > enum rte_crypto_sym_op_sess_type sess_type; >=20 > RTE_STD_C11 > union { > struct rte_cryptodev_sym_session *session; > struct rte_crypto_sym_xform *xform; > }; >=20 > struct { > struct { > uint32_t offset; > uint32_t length; > } data; >=20 > struct { > uint8_t *data; > phys_addr_t phys_addr; > uint16_t length; > } iv; > } cipher; >=20 > struct { > struct { > uint32_t offset; > uint32_t length; > } data; > struct { > uint8_t *data; > phys_addr_t phys_addr; > uint16_t length; > } digest; /**< Digest parameters */ >=20 > struct { > uint8_t *data; > phys_addr_t phys_addr; > uint16_t length; > } aad; >=20 > } auth; > } __rte_cache_aligned; >=20 >=20 > New rte_crypto_op (24 bytes) and rte_crypto_sym_op (72 bytes) structures: >=20 > struct rte_crypto_op { > uint64_t type: 8; > uint64_t status: 8; > uint64_t sess_type: 8; >=20 > struct rte_mempool *mempool; >=20 > phys_addr_t phys_addr; >=20 > RTE_STD_C11 > union { > struct rte_crypto_sym_op sym[0]; > }; > } __rte_cache_aligned; >=20 >=20 > struct rte_crypto_sym_op { > struct rte_mbuf *m_src; > struct rte_mbuf *m_dst; >=20 > union { > struct rte_cryptodev_sym_session *session; > /**< Handle for the initialised session context */ > struct rte_crypto_sym_xform *xform; > /**< Session-less API Crypto operation parameters */ > }; >=20 > union { > struct { > struct { > uint32_t offset; > uint32_t length; > } data; /**< Data offsets and length for AEAD */ >=20 > struct { > uint8_t *data; > phys_addr_t phys_addr; > } digest; /**< Digest parameters */ >=20 > struct { > uint8_t *data; > phys_addr_t phys_addr; > } aad; > /**< Additional authentication parameters */ > } aead; >=20 > struct { > struct { > struct { > uint32_t offset; > uint32_t length; > } data; /**< Data offsets and length for ciphering */ > } cipher; >=20 > struct { > struct { > uint32_t offset; > uint32_t length; > } data; > /**< Data offsets and length for authentication */ >=20 > struct { > uint8_t *data; > phys_addr_t phys_addr; > } digest; /**< Digest parameters */ > } auth; > }; > }; > }; >=20 > Changes in v3: >=20 > - Removed unnecessary branch in test code >=20 > - Removed unnecessary memcpy in perf application >=20 > - Removed fix for QAT, which will be sent separated >=20 > - Rebased against dpdk-next-crypto subtree >=20 > Changes in v2: >=20 > - Added AEAD structures >=20 > - Added authentication IV (used for AES-GMAC and wireless algorithms) >=20 > - Modified all applications with the changes >=20 > - Modified all drivers with the changes >=20 > - Moved AAD length to the crypto session >=20 > - Rebased against latest dpdk-next-crypto >=20 > - Added documentation changes >=20 > Pablo de Lara (26): > cryptodev: move session type to generic crypto op > cryptodev: replace enums with 1-byte variables > cryptodev: remove opaque data pointer in crypto op > cryptodev: do not store pointer to op specific params > cryptodev: remove useless alignment > cryptodev: add crypto op helper macros > test/crypto: move IV to crypto op private data > test/crypto-perf: move IV to crypto op private data > app/crypto-perf: move IV to crypto op private data > examples/l2fwd-crypto: move IV to crypto op private data > examples/ipsec-secgw: move IV to crypto op private data > cryptodev: pass IV as offset > cryptodev: move IV parameters to crypto session > cryptodev: add auth IV > cryptodev: do not use AAD in wireless algorithms > cryptodev: remove AAD length from crypto op > cryptodev: remove digest length from crypto op > cryptodev: set AES-GMAC as auth-only algo > cryptodev: add AEAD specific data > cryptodev: add AEAD parameters in crypto operation > examples/l2fwd-crypto: avoid too many tabs > app/test-crypto-perf: add AEAD parameters > examples/ipsec-secgw: add AEAD parameters > examples/l2fwd-crypto: add AEAD parameters > cryptodev: use AES-GCM/CCM as AEAD algorithms > cryptodev: remove AAD from authentication structure >=20 > app/test-crypto-perf/cperf_ops.c | 246 ++-- > app/test-crypto-perf/cperf_ops.h | 6 +- > app/test-crypto-perf/cperf_options.h | 24 +- > app/test-crypto-perf/cperf_options_parsing.c | 148 ++- > app/test-crypto-perf/cperf_test_latency.c | 59 +- > app/test-crypto-perf/cperf_test_throughput.c | 24 +- > app/test-crypto-perf/cperf_test_vector_parsing.c | 67 +- > app/test-crypto-perf/cperf_test_vectors.c | 140 ++- > app/test-crypto-perf/cperf_test_vectors.h | 20 +- > app/test-crypto-perf/cperf_test_verify.c | 25 +- > app/test-crypto-perf/data/aes_cbc_128_sha.data | 2 +- > app/test-crypto-perf/data/aes_cbc_192_sha.data | 2 +- > app/test-crypto-perf/data/aes_cbc_256_sha.data | 2 +- > app/test-crypto-perf/main.c | 61 +- > doc/guides/prog_guide/cryptodev_lib.rst | 107 +- > doc/guides/prog_guide/img/crypto_xform_chain.svg | 8 +- > doc/guides/rel_notes/release_17_08.rst | 36 + > doc/guides/sample_app_ug/ipsec_secgw.rst | 43 +- > doc/guides/sample_app_ug/l2_forward_crypto.rst | 41 +- > doc/guides/tools/cryptoperf.rst | 50 +- > drivers/crypto/aesni_gcm/aesni_gcm_pmd.c | 260 +++-- > drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c | 32 +- > drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h | 13 +- > drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 16 +- > drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 21 +- > drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h | 5 + > drivers/crypto/armv8/rte_armv8_pmd.c | 26 +- > drivers/crypto/armv8/rte_armv8_pmd_ops.c | 6 +- > drivers/crypto/armv8/rte_armv8_pmd_private.h | 9 +- > drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 87 +- > drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h | 25 +- > drivers/crypto/kasumi/rte_kasumi_pmd.c | 88 +- > drivers/crypto/kasumi/rte_kasumi_pmd_ops.c | 5 +- > drivers/crypto/kasumi/rte_kasumi_pmd_private.h | 2 + > drivers/crypto/null/null_crypto_pmd.c | 15 +- > drivers/crypto/null/null_crypto_pmd_ops.c | 9 +- > drivers/crypto/openssl/rte_openssl_pmd.c | 209 +++- > drivers/crypto/openssl/rte_openssl_pmd_ops.c | 103 +- > drivers/crypto/openssl/rte_openssl_pmd_private.h | 14 + > drivers/crypto/qat/qat_adf/qat_algs.h | 9 + > drivers/crypto/qat/qat_adf/qat_algs_build_desc.c | 7 +- > drivers/crypto/qat/qat_crypto.c | 341 ++++-- > drivers/crypto/qat/qat_crypto.h | 4 + > drivers/crypto/qat/qat_crypto_capabilities.h | 82 +- > drivers/crypto/snow3g/rte_snow3g_pmd.c | 79 +- > drivers/crypto/snow3g/rte_snow3g_pmd_ops.c | 5 +- > drivers/crypto/snow3g/rte_snow3g_pmd_private.h | 2 + > drivers/crypto/zuc/rte_zuc_pmd.c | 63 +- > drivers/crypto/zuc/rte_zuc_pmd_ops.c | 7 +- > drivers/crypto/zuc/rte_zuc_pmd_private.h | 2 + > examples/ipsec-secgw/esp.c | 243 ++-- > examples/ipsec-secgw/ipsec.c | 1 - > examples/ipsec-secgw/ipsec.h | 6 +- > examples/ipsec-secgw/sa.c | 285 +++-- > examples/l2fwd-crypto/main.c | 721 +++++++++--- > lib/librte_cryptodev/rte_crypto.h | 37 +- > lib/librte_cryptodev/rte_crypto_sym.h | 618 +++++----- > lib/librte_cryptodev/rte_cryptodev.c | 71 +- > lib/librte_cryptodev/rte_cryptodev.h | 90 +- > lib/librte_cryptodev/rte_cryptodev_version.map | 4 + > test/test/test_cryptodev.c | 1176 ++++++++------= ------ > test/test/test_cryptodev.h | 6 + > test/test/test_cryptodev_blockcipher.c | 41 +- > test/test/test_cryptodev_gcm_test_vectors.h | 29 +- > .../test/test_cryptodev_kasumi_hash_test_vectors.h | 16 +- > test/test/test_cryptodev_kasumi_test_vectors.h | 20 +- > test/test/test_cryptodev_perf.c | 673 +++++------ > .../test/test_cryptodev_snow3g_hash_test_vectors.h | 14 +- > test/test/test_cryptodev_snow3g_test_vectors.h | 24 +- > test/test/test_cryptodev_zuc_test_vectors.h | 38 +- > 70 files changed, 4044 insertions(+), 2726 deletions(-) >=20 > -- > 2.9.4 Acked-by: Fiona Trahe