From: Fan Zhang <roy.fan.zhang@intel.com> To: dev@dpdk.org Cc: konstantin.ananyev@intel.com, declan.doherty@intel.com, akhil.goyal@nxp.com, Fan Zhang <roy.fan.zhang@intel.com> Subject: [dpdk-dev] [PATCH v2 01/10] security: introduce CPU Crypto action type and API Date: Mon, 7 Oct 2019 17:28:41 +0100 Message-ID: <20191007162850.60552-2-roy.fan.zhang@intel.com> (raw) In-Reply-To: <20191007162850.60552-1-roy.fan.zhang@intel.com> This patch introduce new RTE_SECURITY_ACTION_TYPE_CPU_CRYPTO action type to security library. The type represents performing crypto operation with CPU cycles. The patch also includes a new API to process crypto operations in bulk and the function pointers for PMDs. Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> --- lib/librte_security/rte_security.c | 11 ++++++ lib/librte_security/rte_security.h | 53 +++++++++++++++++++++++++++- lib/librte_security/rte_security_driver.h | 22 ++++++++++++ lib/librte_security/rte_security_version.map | 1 + 4 files changed, 86 insertions(+), 1 deletion(-) diff --git a/lib/librte_security/rte_security.c b/lib/librte_security/rte_security.c index bc81ce15d..cdd1ee6af 100644 --- a/lib/librte_security/rte_security.c +++ b/lib/librte_security/rte_security.c @@ -141,3 +141,14 @@ rte_security_capability_get(struct rte_security_ctx *instance, return NULL; } + +int +rte_security_process_cpu_crypto_bulk(struct rte_security_ctx *instance, + struct rte_security_session *sess, + struct rte_security_vec buf[], void *iv[], void *aad[], + void *digest[], int status[], uint32_t num) +{ + RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->process_cpu_crypto_bulk, -1); + return instance->ops->process_cpu_crypto_bulk(sess, buf, iv, + aad, digest, status, num); +} diff --git a/lib/librte_security/rte_security.h b/lib/librte_security/rte_security.h index aaafdfcd7..0caf5d697 100644 --- a/lib/librte_security/rte_security.h +++ b/lib/librte_security/rte_security.h @@ -18,6 +18,7 @@ extern "C" { #endif #include <sys/types.h> +#include <sys/uio.h> #include <netinet/in.h> #include <netinet/ip.h> @@ -289,6 +290,20 @@ struct rte_security_pdcp_xform { uint32_t hfn_ovrd; }; +struct rte_security_cpu_crypto_xform { + /** For cipher/authentication crypto operation the authentication may + * cover more content then the cipher. E.g., for IPSec ESP encryption + * with AES-CBC and SHA1-HMAC, the encryption happens after the ESP + * header but whole packet (apart from MAC header) is authenticated. + * The cipher_offset field is used to deduct the cipher data pointer + * from the buffer to be processed. + * + * NOTE this parameter shall be ignored by AEAD algorithms, since it + * uses the same offset for cipher and authentication. + */ + int32_t cipher_offset; +}; + /** * Security session action type. */ @@ -303,10 +318,14 @@ enum rte_security_session_action_type { /**< All security protocol processing is performed inline during * transmission */ - RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL + RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, /**< All security protocol processing including crypto is performed * on a lookaside accelerator */ + RTE_SECURITY_ACTION_TYPE_CPU_CRYPTO + /**< Crypto processing for security protocol is processed by CPU + * synchronously + */ }; /** Security session protocol definition */ @@ -332,6 +351,7 @@ struct rte_security_session_conf { struct rte_security_ipsec_xform ipsec; struct rte_security_macsec_xform macsec; struct rte_security_pdcp_xform pdcp; + struct rte_security_cpu_crypto_xform cpucrypto; }; /**< Configuration parameters for security session */ struct rte_crypto_sym_xform *crypto_xform; @@ -665,6 +685,37 @@ const struct rte_security_capability * rte_security_capability_get(struct rte_security_ctx *instance, struct rte_security_capability_idx *idx); +/** + * Security vector structure, contains pointer to vector array and the length + * of the array + */ +struct rte_security_vec { + struct iovec *vec; + uint32_t num; +}; + +/** + * Processing bulk crypto workload with CPU + * + * @param instance security instance. + * @param sess security session + * @param buf array of buffer SGL vectors + * @param iv array of IV pointers + * @param aad array of AAD pointers + * @param digest array of digest pointers + * @param status array of status for the function to return + * @param num number of elements in each array + * @return + * - On success, 0 + * - On any failure, -1 + */ +__rte_experimental +int +rte_security_process_cpu_crypto_bulk(struct rte_security_ctx *instance, + struct rte_security_session *sess, + struct rte_security_vec buf[], void *iv[], void *aad[], + void *digest[], int status[], uint32_t num); + #ifdef __cplusplus } #endif diff --git a/lib/librte_security/rte_security_driver.h b/lib/librte_security/rte_security_driver.h index 1b561f852..fe940fffa 100644 --- a/lib/librte_security/rte_security_driver.h +++ b/lib/librte_security/rte_security_driver.h @@ -132,6 +132,26 @@ typedef int (*security_get_userdata_t)(void *device, typedef const struct rte_security_capability *(*security_capabilities_get_t)( void *device); +/** + * Process security operations in bulk using CPU accelerated method. + * + * @param sess Security session structure. + * @param buf Buffer to the vectors to be processed. + * @param iv IV pointers. + * @param aad AAD pointers. + * @param digest Digest pointers. + * @param status Array of status value. + * @param num Number of elements in each array. + * @return + * - On success, 0 + * - On any failure, -1 + */ + +typedef int (*security_process_cpu_crypto_bulk_t)( + struct rte_security_session *sess, + struct rte_security_vec buf[], void *iv[], void *aad[], + void *digest[], int status[], uint32_t num); + /** Security operations function pointer table */ struct rte_security_ops { security_session_create_t session_create; @@ -150,6 +170,8 @@ struct rte_security_ops { /**< Get userdata associated with session which processed the packet. */ security_capabilities_get_t capabilities_get; /**< Get security capabilities. */ + security_process_cpu_crypto_bulk_t process_cpu_crypto_bulk; + /**< Process data in bulk. */ }; #ifdef __cplusplus diff --git a/lib/librte_security/rte_security_version.map b/lib/librte_security/rte_security_version.map index 53267bf3c..2132e7a00 100644 --- a/lib/librte_security/rte_security_version.map +++ b/lib/librte_security/rte_security_version.map @@ -18,4 +18,5 @@ EXPERIMENTAL { rte_security_get_userdata; rte_security_session_stats_get; rte_security_session_update; + rte_security_process_cpu_crypto_bulk; }; -- 2.14.5
next prev parent reply index Thread overview: 87+ messages / expand[flat|nested] mbox.gz Atom feed top 2019-09-03 15:40 [dpdk-dev] [RFC PATCH 0/9] security: add software synchronous crypto process Fan Zhang 2019-09-03 15:40 ` [dpdk-dev] [RFC PATCH 1/9] security: introduce CPU Crypto action type and API Fan Zhang 2019-09-04 10:32 ` Akhil Goyal 2019-09-04 13:06 ` Zhang, Roy Fan 2019-09-06 9:01 ` Akhil Goyal 2019-09-06 13:12 ` Zhang, Roy Fan 2019-09-10 11:25 ` Akhil Goyal 2019-09-11 13:01 ` Ananyev, Konstantin 2019-09-06 13:27 ` Ananyev, Konstantin 2019-09-10 10:44 ` Akhil Goyal 2019-09-11 12:29 ` Ananyev, Konstantin 2019-09-12 14:12 ` Akhil Goyal 2019-09-16 14:53 ` Ananyev, Konstantin 2019-09-16 15:08 ` Ananyev, Konstantin 2019-09-17 6:02 ` Akhil Goyal 2019-09-18 7:44 ` Ananyev, Konstantin 2019-09-25 18:24 ` Ananyev, Konstantin 2019-09-27 9:26 ` Akhil Goyal 2019-09-30 12:22 ` Ananyev, Konstantin 2019-09-30 13:43 ` Akhil Goyal 2019-10-01 14:49 ` Ananyev, Konstantin 2019-10-03 13:24 ` Akhil Goyal 2019-10-07 12:53 ` Ananyev, Konstantin 2019-10-09 7:20 ` Akhil Goyal 2019-10-09 13:43 ` Ananyev, Konstantin 2019-10-11 13:23 ` Akhil Goyal 2019-10-13 23:07 ` Zhang, Roy Fan 2019-10-14 11:10 ` Ananyev, Konstantin 2019-10-15 15:02 ` Akhil Goyal 2019-10-16 13:04 ` Ananyev, Konstantin 2019-10-15 15:00 ` Akhil Goyal 2019-10-16 22:07 ` Ananyev, Konstantin 2019-10-17 12:49 ` Ananyev, Konstantin 2019-10-18 13:17 ` Akhil Goyal 2019-10-21 13:47 ` Ananyev, Konstantin 2019-10-22 13:31 ` Akhil Goyal 2019-10-22 17:44 ` Ananyev, Konstantin 2019-10-22 22:21 ` Ananyev, Konstantin 2019-10-23 10:05 ` Akhil Goyal 2019-10-30 14:23 ` Ananyev, Konstantin 2019-11-01 13:53 ` Akhil Goyal 2019-09-03 15:40 ` [dpdk-dev] [RFC PATCH 2/9] crypto/aesni_gcm: add rte_security handler Fan Zhang 2019-09-03 15:40 ` [dpdk-dev] [RFC PATCH 3/9] app/test: add security cpu crypto autotest Fan Zhang 2019-09-03 15:40 ` [dpdk-dev] [RFC PATCH 4/9] app/test: add security cpu crypto perftest Fan Zhang 2019-09-03 15:40 ` [dpdk-dev] [RFC PATCH 5/9] crypto/aesni_mb: add rte_security handler Fan Zhang 2019-09-03 15:40 ` [dpdk-dev] [RFC PATCH 6/9] app/test: add aesni_mb security cpu crypto autotest Fan Zhang 2019-09-03 15:40 ` [dpdk-dev] [RFC PATCH 7/9] app/test: add aesni_mb security cpu crypto perftest Fan Zhang 2019-09-03 15:40 ` [dpdk-dev] [RFC PATCH 8/9] ipsec: add rte_security cpu_crypto action support Fan Zhang 2019-09-03 15:40 ` [dpdk-dev] [RFC PATCH 9/9] examples/ipsec-secgw: add security " Fan Zhang 2019-09-06 13:13 ` [dpdk-dev] [PATCH 00/10] security: add software synchronous crypto process Fan Zhang 2019-09-06 13:13 ` [dpdk-dev] [PATCH 01/10] security: introduce CPU Crypto action type and API Fan Zhang 2019-09-18 12:45 ` Ananyev, Konstantin 2019-09-29 6:00 ` Hemant Agrawal 2019-09-29 16:59 ` Ananyev, Konstantin 2019-09-30 9:43 ` Hemant Agrawal 2019-10-01 15:27 ` Ananyev, Konstantin 2019-10-02 2:47 ` Hemant Agrawal 2019-09-06 13:13 ` [dpdk-dev] [PATCH 02/10] crypto/aesni_gcm: add rte_security handler Fan Zhang 2019-09-18 10:24 ` Ananyev, Konstantin 2019-09-06 13:13 ` [dpdk-dev] [PATCH 03/10] app/test: add security cpu crypto autotest Fan Zhang 2019-09-06 13:13 ` [dpdk-dev] [PATCH 04/10] app/test: add security cpu crypto perftest Fan Zhang 2019-09-06 13:13 ` [dpdk-dev] [PATCH 05/10] crypto/aesni_mb: add rte_security handler Fan Zhang 2019-09-18 15:20 ` Ananyev, Konstantin 2019-09-06 13:13 ` [dpdk-dev] [PATCH 06/10] app/test: add aesni_mb security cpu crypto autotest Fan Zhang 2019-09-06 13:13 ` [dpdk-dev] [PATCH 07/10] app/test: add aesni_mb security cpu crypto perftest Fan Zhang 2019-09-06 13:13 ` [dpdk-dev] [PATCH 08/10] ipsec: add rte_security cpu_crypto action support Fan Zhang 2019-09-26 23:20 ` Ananyev, Konstantin 2019-09-27 10:38 ` Ananyev, Konstantin 2019-09-06 13:13 ` [dpdk-dev] [PATCH 09/10] examples/ipsec-secgw: add security " Fan Zhang 2019-09-06 13:13 ` [dpdk-dev] [PATCH 10/10] doc: update security cpu process description Fan Zhang 2019-09-09 12:43 ` [dpdk-dev] [PATCH 00/10] security: add software synchronous crypto process Aaron Conole 2019-10-07 16:28 ` [dpdk-dev] [PATCH v2 " Fan Zhang 2019-10-07 16:28 ` Fan Zhang [this message] 2019-10-08 13:42 ` [dpdk-dev] [PATCH v2 01/10] security: introduce CPU Crypto action type and API Ananyev, Konstantin 2019-10-07 16:28 ` [dpdk-dev] [PATCH v2 02/10] crypto/aesni_gcm: add rte_security handler Fan Zhang 2019-10-08 13:44 ` Ananyev, Konstantin 2019-10-07 16:28 ` [dpdk-dev] [PATCH v2 03/10] app/test: add security cpu crypto autotest Fan Zhang 2019-10-07 16:28 ` [dpdk-dev] [PATCH v2 04/10] app/test: add security cpu crypto perftest Fan Zhang 2019-10-07 16:28 ` [dpdk-dev] [PATCH v2 05/10] crypto/aesni_mb: add rte_security handler Fan Zhang 2019-10-08 16:23 ` Ananyev, Konstantin 2019-10-09 8:29 ` Ananyev, Konstantin 2019-10-07 16:28 ` [dpdk-dev] [PATCH v2 06/10] app/test: add aesni_mb security cpu crypto autotest Fan Zhang 2019-10-07 16:28 ` [dpdk-dev] [PATCH v2 07/10] app/test: add aesni_mb security cpu crypto perftest Fan Zhang 2019-10-07 16:28 ` [dpdk-dev] [PATCH v2 08/10] ipsec: add rte_security cpu_crypto action support Fan Zhang 2019-10-08 23:28 ` Ananyev, Konstantin 2019-10-07 16:28 ` [dpdk-dev] [PATCH v2 09/10] examples/ipsec-secgw: add security " Fan Zhang 2019-10-07 16:28 ` [dpdk-dev] [PATCH v2 10/10] doc: update security cpu process description Fan Zhang
Reply instructions: You may reply publically to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20191007162850.60552-2-roy.fan.zhang@intel.com \ --to=roy.fan.zhang@intel.com \ --cc=akhil.goyal@nxp.com \ --cc=declan.doherty@intel.com \ --cc=dev@dpdk.org \ --cc=konstantin.ananyev@intel.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
DPDK patches and discussions Archives are clonable: git clone --mirror http://inbox.dpdk.org/dev/0 dev/git/0.git # If you have public-inbox 1.1+ installed, you may # initialize and index your mirror using the following commands: public-inbox-init -V2 dev dev/ http://inbox.dpdk.org/dev \ dev@dpdk.org public-inbox-index dev Newsgroup available over NNTP: nntp://inbox.dpdk.org/inbox.dpdk.dev AGPL code for this site: git clone https://public-inbox.org/ public-inbox