From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 451DAA2F6B for ; Tue, 8 Oct 2019 15:44:53 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id EF7CA1BFDD; Tue, 8 Oct 2019 15:44:52 +0200 (CEST) Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by dpdk.org (Postfix) with ESMTP id D59211BFAB for ; Tue, 8 Oct 2019 15:44:50 +0200 (CEST) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga003.jf.intel.com ([10.7.209.27]) by fmsmga101.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 Oct 2019 06:44:49 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.67,270,1566889200"; d="scan'208";a="196602552" Received: from irsmsx106.ger.corp.intel.com ([163.33.3.31]) by orsmga003.jf.intel.com with ESMTP; 08 Oct 2019 06:44:47 -0700 Received: from irsmsx105.ger.corp.intel.com ([169.254.7.164]) by IRSMSX106.ger.corp.intel.com ([169.254.8.184]) with mapi id 14.03.0439.000; Tue, 8 Oct 2019 14:44:47 +0100 From: "Ananyev, Konstantin" To: "Zhang, Roy Fan" , "dev@dpdk.org" CC: "Doherty, Declan" , "akhil.goyal@nxp.com" Thread-Topic: [PATCH v2 02/10] crypto/aesni_gcm: add rte_security handler Thread-Index: AQHVfSxmREp+4KhuxUWNdmBpJHPCj6dQwkyQ Date: Tue, 8 Oct 2019 13:44:46 +0000 Message-ID: <2601191342CEEE43887BDE71AB97725801919729F9@irsmsx105.ger.corp.intel.com> References: <20190906131330.40185-1-roy.fan.zhang@intel.com> <20191007162850.60552-1-roy.fan.zhang@intel.com> <20191007162850.60552-3-roy.fan.zhang@intel.com> In-Reply-To: <20191007162850.60552-3-roy.fan.zhang@intel.com> Accept-Language: en-IE, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiNGYwNThlZDctZTNlZi00ZDc3LTgyNzItOGQzYmI3YjJkZGQ3IiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoiSnU4WXo0d3JnXC9ZWTRNa1N3UHJMend5dmk5cWtsNjZjNGpTVm5zTFl1SWk5RFk1RnY3NFgwRjZjT2ZsZW9yV1IifQ== x-ctpclassification: CTP_NT dlp-product: dlpe-windows dlp-version: 11.2.0.6 dlp-reaction: no-action x-originating-ip: [163.33.239.181] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Subject: Re: [dpdk-dev] [PATCH v2 02/10] crypto/aesni_gcm: add rte_security handler X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" >=20 > This patch add rte_security support support to AESNI-GCM PMD. The PMD now > initialize security context instance, create/delete PMD specific security > sessions, and process crypto workloads in synchronous mode with > scatter-gather list buffer supported. >=20 > Signed-off-by: Fan Zhang > --- > drivers/crypto/aesni_gcm/aesni_gcm_pmd.c | 97 ++++++++++++++++++= +++++- > drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c | 95 ++++++++++++++++++= +++++ > drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h | 23 ++++++ > drivers/crypto/aesni_gcm/meson.build | 2 +- > 4 files changed, 215 insertions(+), 2 deletions(-) >=20 > diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c b/drivers/crypto/ae= sni_gcm/aesni_gcm_pmd.c > index 1006a5c4d..2e91bf149 100644 > --- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c > +++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c > @@ -6,6 +6,7 @@ > #include > #include > #include > +#include > #include > #include > #include > @@ -174,6 +175,56 @@ aesni_gcm_get_session(struct aesni_gcm_qp *qp, struc= t rte_crypto_op *op) > return sess; > } >=20 > +static __rte_always_inline int > +process_gcm_security_sgl_buf(struct aesni_gcm_security_session *sess, > + struct rte_security_vec *buf, uint8_t *iv, > + uint8_t *aad, uint8_t *digest) > +{ > + struct aesni_gcm_session *session =3D &sess->sess; > + uint8_t *tag; > + uint32_t i; > + > + sess->init(&session->gdata_key, &sess->gdata_ctx, iv, aad, > + (uint64_t)session->aad_length); > + > + for (i =3D 0; i < buf->num; i++) { > + struct iovec *vec =3D &buf->vec[i]; > + > + sess->update(&session->gdata_key, &sess->gdata_ctx, > + vec->iov_base, vec->iov_base, vec->iov_len); > + } > + > + switch (session->op) { > + case AESNI_GCM_OP_AUTHENTICATED_ENCRYPTION: > + if (session->req_digest_length !=3D session->gen_digest_length) > + tag =3D sess->temp_digest; > + else > + tag =3D digest; > + > + sess->finalize(&session->gdata_key, &sess->gdata_ctx, tag, > + session->gen_digest_length); > + > + if (session->req_digest_length !=3D session->gen_digest_length) > + memcpy(digest, sess->temp_digest, > + session->req_digest_length); > + break; > + > + case AESNI_GCM_OP_AUTHENTICATED_DECRYPTION: > + tag =3D sess->temp_digest; > + > + sess->finalize(&session->gdata_key, &sess->gdata_ctx, tag, > + session->gen_digest_length); > + > + if (memcmp(tag, digest, session->req_digest_length) !=3D 0) > + return -1; > + break; > + default: > + return -1; > + } > + > + return 0; > +} > + > /** > * Process a crypto operation, calling > * the GCM API from the multi buffer library. > @@ -488,8 +539,10 @@ aesni_gcm_create(const char *name, > { > struct rte_cryptodev *dev; > struct aesni_gcm_private *internals; > + struct rte_security_ctx *sec_ctx; > enum aesni_gcm_vector_mode vector_mode; > MB_MGR *mb_mgr; > + char sec_name[RTE_DEV_NAME_MAX_LEN]; >=20 > /* Check CPU for support for AES instruction set */ > if (!rte_cpu_get_flag_enabled(RTE_CPUFLAG_AES)) { > @@ -524,7 +577,8 @@ aesni_gcm_create(const char *name, > RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING | > RTE_CRYPTODEV_FF_CPU_AESNI | > RTE_CRYPTODEV_FF_OOP_SGL_IN_LB_OUT | > - RTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT; > + RTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT | > + RTE_CRYPTODEV_FF_SECURITY; >=20 > mb_mgr =3D alloc_mb_mgr(0); > if (mb_mgr =3D=3D NULL) > @@ -587,6 +641,21 @@ aesni_gcm_create(const char *name, >=20 > internals->max_nb_queue_pairs =3D init_params->max_nb_queue_pairs; >=20 > + /* setup security operations */ > + snprintf(sec_name, sizeof(sec_name) - 1, "aes_gcm_sec_%u", > + dev->driver_id); > + sec_ctx =3D rte_zmalloc_socket(sec_name, > + sizeof(struct rte_security_ctx), > + RTE_CACHE_LINE_SIZE, init_params->socket_id); > + if (sec_ctx =3D=3D NULL) { > + AESNI_GCM_LOG(ERR, "memory allocation failed\n"); > + goto error_exit; > + } > + > + sec_ctx->device =3D (void *)dev; > + sec_ctx->ops =3D rte_aesni_gcm_pmd_security_ops; > + dev->security_ctx =3D sec_ctx; > + > #if IMB_VERSION_NUM >=3D IMB_VERSION(0, 50, 0) > AESNI_GCM_LOG(INFO, "IPSec Multi-buffer library version used: %s\n", > imb_get_version_str()); > @@ -641,6 +710,8 @@ aesni_gcm_remove(struct rte_vdev_device *vdev) > if (cryptodev =3D=3D NULL) > return -ENODEV; >=20 > + rte_free(cryptodev->security_ctx); > + > internals =3D cryptodev->data->dev_private; >=20 > free_mb_mgr(internals->mb_mgr); > @@ -648,6 +719,30 @@ aesni_gcm_remove(struct rte_vdev_device *vdev) > return rte_cryptodev_pmd_destroy(cryptodev); > } >=20 > +int > +aesni_gcm_sec_crypto_process_bulk(struct rte_security_session *sess, > + struct rte_security_vec buf[], void *iv[], void *aad[], > + void *digest[], int status[], uint32_t num) > +{ > + struct aesni_gcm_security_session *session =3D > + get_sec_session_private_data(sess); > + uint32_t i; > + int errcnt =3D 0; > + > + if (unlikely(!session)) > + return -num; You return negative status (error), but don't send each status[] value. > + > + for (i =3D 0; i < num; i++) { > + status[i] =3D process_gcm_security_sgl_buf(session, &buf[i], > + (uint8_t *)iv[i], (uint8_t *)aad[i], > + (uint8_t *)digest[i]); > + if (unlikely(status[i])) > + errcnt -=3D 1; > + } > + > + return errcnt; > +} > + > static struct rte_vdev_driver aesni_gcm_pmd_drv =3D { > .probe =3D aesni_gcm_probe, > .remove =3D aesni_gcm_remove > diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c b/drivers/crypt= o/aesni_gcm/aesni_gcm_pmd_ops.c > index 2f66c7c58..cc71dbd60 100644 > --- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c > +++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c > @@ -7,6 +7,7 @@ > #include > #include > #include > +#include >=20 > #include "aesni_gcm_pmd_private.h" >=20 > @@ -316,6 +317,85 @@ aesni_gcm_pmd_sym_session_clear(struct rte_cryptodev= *dev, > } > } >=20 > +static int > +aesni_gcm_security_session_create(void *dev, > + struct rte_security_session_conf *conf, > + struct rte_security_session *sess, > + struct rte_mempool *mempool) > +{ > + struct rte_cryptodev *cdev =3D dev; > + struct aesni_gcm_private *internals =3D cdev->data->dev_private; > + struct aesni_gcm_security_session *sess_priv; > + int ret; > + > + if (!conf->crypto_xform) { > + AESNI_GCM_LOG(ERR, "Invalid security session conf"); > + return -EINVAL; > + } > + > + if (conf->crypto_xform->type =3D=3D RTE_CRYPTO_SYM_XFORM_AUTH) { > + AESNI_GCM_LOG(ERR, "GMAC is not supported in security session"); > + return -EINVAL; > + } > + > + > + if (rte_mempool_get(mempool, (void **)(&sess_priv))) { > + AESNI_GCM_LOG(ERR, > + "Couldn't get object from session mempool"); > + return -ENOMEM; > + } > + > + ret =3D aesni_gcm_set_session_parameters(internals->ops, > + &sess_priv->sess, conf->crypto_xform); > + if (ret !=3D 0) { > + AESNI_GCM_LOG(ERR, "Failed configure session parameters"); > + > + /* Return session to mempool */ > + rte_mempool_put(mempool, (void *)sess_priv); > + return ret; > + } > + > + sess_priv->pre =3D internals->ops[sess_priv->sess.key].pre; > + sess_priv->init =3D internals->ops[sess_priv->sess.key].init; > + if (sess_priv->sess.op =3D=3D AESNI_GCM_OP_AUTHENTICATED_ENCRYPTION) { > + sess_priv->update =3D > + internals->ops[sess_priv->sess.key].update_enc; > + sess_priv->finalize =3D > + internals->ops[sess_priv->sess.key].finalize_enc; > + } else { > + sess_priv->update =3D > + internals->ops[sess_priv->sess.key].update_dec; > + sess_priv->finalize =3D > + internals->ops[sess_priv->sess.key].finalize_dec; > + } > + > + sess->sess_private_data =3D sess_priv; > + > + return 0; > +} > + > +static int > +aesni_gcm_security_session_destroy(void *dev __rte_unused, > + struct rte_security_session *sess) > +{ > + void *sess_priv =3D get_sec_session_private_data(sess); > + > + if (sess_priv) { > + struct rte_mempool *sess_mp =3D rte_mempool_from_obj(sess_priv); > + > + memset(sess, 0, sizeof(struct aesni_gcm_security_session)); > + set_sec_session_private_data(sess, NULL); > + rte_mempool_put(sess_mp, sess_priv); > + } > + return 0; > +} > + > +static unsigned int > +aesni_gcm_sec_session_get_size(__rte_unused void *device) > +{ > + return sizeof(struct aesni_gcm_security_session); > +} > + > struct rte_cryptodev_ops aesni_gcm_pmd_ops =3D { > .dev_configure =3D aesni_gcm_pmd_config, > .dev_start =3D aesni_gcm_pmd_start, > @@ -336,4 +416,19 @@ struct rte_cryptodev_ops aesni_gcm_pmd_ops =3D { > .sym_session_clear =3D aesni_gcm_pmd_sym_session_clear > }; >=20 > +static struct rte_security_ops aesni_gcm_security_ops =3D { > + .session_create =3D aesni_gcm_security_session_create, > + .session_get_size =3D aesni_gcm_sec_session_get_size, > + .session_update =3D NULL, > + .session_stats_get =3D NULL, > + .session_destroy =3D aesni_gcm_security_session_destroy, > + .set_pkt_metadata =3D NULL, > + .capabilities_get =3D NULL, > + .process_cpu_crypto_bulk =3D > + aesni_gcm_sec_crypto_process_bulk, > +}; > + > struct rte_cryptodev_ops *rte_aesni_gcm_pmd_ops =3D &aesni_gcm_pmd_ops; > + > +struct rte_security_ops *rte_aesni_gcm_pmd_security_ops =3D > + &aesni_gcm_security_ops; > diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h b/drivers/c= rypto/aesni_gcm/aesni_gcm_pmd_private.h > index 56b29e013..ed3f6eb2e 100644 > --- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h > +++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h > @@ -114,5 +114,28 @@ aesni_gcm_set_session_parameters(const struct aesni_= gcm_ops *ops, > * Device specific operations function pointer structure */ > extern struct rte_cryptodev_ops *rte_aesni_gcm_pmd_ops; >=20 > +/** > + * Security session structure. > + */ > +struct aesni_gcm_security_session { > + /** Temp digest for decryption */ > + uint8_t temp_digest[DIGEST_LENGTH_MAX]; > + /** GCM operations */ > + aesni_gcm_pre_t pre; > + aesni_gcm_init_t init; > + aesni_gcm_update_t update; > + aesni_gcm_finalize_t finalize; > + /** AESNI-GCM session */ > + struct aesni_gcm_session sess; > + /** AESNI-GCM context */ > + struct gcm_context_data gdata_ctx; > +}; > + > +extern int > +aesni_gcm_sec_crypto_process_bulk(struct rte_security_session *sess, > + struct rte_security_vec buf[], void *iv[], void *aad[], > + void *digest[], int status[], uint32_t num); > + > +extern struct rte_security_ops *rte_aesni_gcm_pmd_security_ops; >=20 > #endif /* _RTE_AESNI_GCM_PMD_PRIVATE_H_ */ > diff --git a/drivers/crypto/aesni_gcm/meson.build b/drivers/crypto/aesni_= gcm/meson.build > index 3a6e332dc..f6e160bb3 100644 > --- a/drivers/crypto/aesni_gcm/meson.build > +++ b/drivers/crypto/aesni_gcm/meson.build > @@ -22,4 +22,4 @@ endif >=20 > allow_experimental_apis =3D true > sources =3D files('aesni_gcm_pmd.c', 'aesni_gcm_pmd_ops.c') > -deps +=3D ['bus_vdev'] > +deps +=3D ['bus_vdev', 'security'] > -- > 2.14.5