From: Akhil Goyal <akhil.goyal@nxp.com>
To: Piotr Azarewicz <piotrx.t.azarewicz@intel.com>,
<declan.doherty@intel.com>, <dev@dpdk.org>
Cc: Marcin Kerlin <marcinx.kerlin@intel.com>,
Slawomir Mrozowicz <slawomirx.mrozowicz@intel.com>,
Michal Kobylinski <michalx.kobylinski@intel.com>,
Tomasz Kulasek <tomaszx.kulasek@intel.com>,
Daniel Mrzyglod <danielx.t.mrzyglod@intel.com>
Subject: Re: [dpdk-dev] [PATCH 1/4] libcrypto_pmd: initial implementation of SW crypto device
Date: Mon, 12 Sep 2016 16:46:53 +0530 [thread overview]
Message-ID: <4d920e7a-cebc-4ece-e5a2-dccfc3e66a3b@nxp.com> (raw)
In-Reply-To: <1472196117-21750-2-git-send-email-piotrx.t.azarewicz@intel.com>
On 8/26/2016 12:51 PM, Piotr Azarewicz wrote:
> +/** Provide session for operation */
> +static struct libcrypto_session *
> +get_session(struct libcrypto_qp *qp, struct rte_crypto_op *op)
> +{
> + struct libcrypto_session *sess = NULL;
> +
> + if (op->sym->sess_type == RTE_CRYPTO_SYM_OP_WITH_SESSION) {
> + /* get existing session */
> + if (!unlikely(op->sym->session == NULL ||
> + op->sym->session->dev_type !=
> + RTE_CRYPTODEV_LIBCRYPTO_PMD))
> + sess = (struct libcrypto_session *)
> + op->sym->session->_private;
> + } else {
> + /* provide internal session */
> + void *_sess = NULL;
> +
> + if (!rte_mempool_get(qp->sess_mp, (void **)&_sess)) {
> + sess = (struct libcrypto_session *)
> + ((struct rte_cryptodev_sym_session *)_sess)
> + ->_private;
> +
> + if (unlikely(libcrypto_set_session_parameters(
> + sess, op->sym->xform) != 0)) {
> + rte_mempool_put(qp->sess_mp, _sess);
> + sess = NULL;
> + } else
> + op->sym->session = _sess;
> + }
> + }
> +
> + if (sess == NULL)
> + op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION;
> +
> + return sess;
> +}
> +
> +/*
> + *------------------------------------------------------------------------------
> + * Process Operations
> + *------------------------------------------------------------------------------
> + */
> +
> +/** Process standard libcrypto cipher encryption */
> +static int
> +process_libcrypto_cipher_encrypt(uint8_t *src, uint8_t *dst,
> + uint8_t *iv, uint8_t *key, int srclen,
> + EVP_CIPHER_CTX *ctx, const EVP_CIPHER *algo)
> +{
> + int dstlen, totlen;
> +
> + if (EVP_EncryptInit_ex(ctx, algo, NULL, key, iv) <= 0)
> + goto process_cipher_encrypt_err;
[Akhil] this EVP_EncryptInit_ex() can be done for each session instead
of each packet. This will improve the performance. Also if there is some
change in the parameters later then it can be called again here with the
updated parameters only.
Same comment is for all cases (hmac, auth, etc)
> +
> + if (EVP_EncryptUpdate(ctx, dst, &dstlen, src, srclen) <= 0)
> + goto process_cipher_encrypt_err;
> +
> + if (EVP_EncryptFinal_ex(ctx, dst + dstlen, &totlen) <= 0)
> + goto process_cipher_encrypt_err;
> +
> + return 0;
> +
> +process_cipher_encrypt_err:
> + LIBCRYPTO_LOG_ERR("Process libcrypto cipher encrypt failed");
> + return -EINVAL;
> +}
> +
> +/** Process standard libcrypto cipher decryption */
> +static int
> +process_libcrypto_cipher_decrypt(uint8_t *src, uint8_t *dst,
> + uint8_t *iv, uint8_t *key, int srclen,
> + EVP_CIPHER_CTX *ctx, const EVP_CIPHER *algo)
> +{
> + int dstlen, totlen;
> +
> + if (EVP_DecryptInit_ex(ctx, algo, NULL, key, iv) <= 0)
> + goto process_cipher_decrypt_err;
> +
> + if (EVP_CIPHER_CTX_set_padding(ctx, 0) <= 0)
> + goto process_cipher_decrypt_err;
> +
> + if (EVP_DecryptUpdate(ctx, dst, &dstlen, src, srclen) <= 0)
> + goto process_cipher_decrypt_err;
> +
> + if (EVP_DecryptFinal_ex(ctx, dst + dstlen, &totlen) <= 0)
> + goto process_cipher_decrypt_err;
> +
> + return 0;
> +
> +process_cipher_decrypt_err:
> + LIBCRYPTO_LOG_ERR("Process libcrypto cipher decrypt failed");
> + return -EINVAL;
> +}
> +
> +/** Process cipher des 3 ctr encryption, decryption algorithm */
> +static int
> +process_libcrypto_cipher_des3ctr(uint8_t *src, uint8_t *dst,
> + uint8_t *iv, uint8_t *key, int srclen, EVP_CIPHER_CTX *ctx)
> +{
> + uint8_t ebuf[8], ctr[8];
> + int unused, n;
> +
> + /* We use 3DES encryption also for decryption.
> + * IV is not important for 3DES ecb
> + */
> + if (EVP_EncryptInit_ex(ctx, EVP_des_ede3_ecb(), NULL, key, NULL) <= 0)
> + goto process_cipher_des3ctr_err;
> +
> + memcpy(ctr, iv, 8);
> + n = 0;
> +
> + while (n < srclen) {
> + if (n % 8 == 0) {
> + if (EVP_EncryptUpdate(ctx, (unsigned char *)&ebuf, &unused,
> + (const unsigned char *)&ctr, 8) <= 0)
> + goto process_cipher_des3ctr_err;
> + ctr_inc(ctr);
> + }
> + dst[n] = src[n] ^ ebuf[n % 8];
> + n++;
> + }
> +
> + return 0;
> +
> +process_cipher_des3ctr_err:
> + LIBCRYPTO_LOG_ERR("Process libcrypto cipher des 3 ede ctr failed");
> + return -EINVAL;
> +}
> +
> +/** Process auth gmac algorithm */
> +static int
> +process_libcrypto_auth_gmac(uint8_t *src, uint8_t *dst,
> + uint8_t *iv, uint8_t *key, int srclen, int ivlen,
> + EVP_CIPHER_CTX *ctx, const EVP_CIPHER *algo)
> +{
> + int unused;
> +
> + if (EVP_EncryptInit_ex(ctx, algo, NULL, NULL, NULL) <= 0)
> + goto process_auth_gmac_err;
> +
> + if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, ivlen, NULL) <= 0)
> + goto process_auth_gmac_err;
> +
> + if (EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv) <= 0)
> + goto process_auth_gmac_err;
> +
> + if (EVP_EncryptUpdate(ctx, NULL, &unused, src, srclen) <= 0)
> + goto process_auth_gmac_err;
> +
> + if (EVP_EncryptFinal_ex(ctx, NULL, &unused) <= 0)
> + goto process_auth_gmac_err;
> +
> + if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, 16, dst) <= 0)
> + goto process_auth_gmac_err;
> +
> + return 0;
> +
> +process_auth_gmac_err:
> + LIBCRYPTO_LOG_ERR("Process libcrypto auth gmac failed");
> + return -EINVAL;
> +}
> +
> +/** Process standard libcrypto auth algorithms */
> +static int
> +process_libcrypto_auth(uint8_t *src, uint8_t *dst,
> + __rte_unused uint8_t *iv, __rte_unused EVP_PKEY * pkey,
> + int srclen, EVP_MD_CTX *ctx, const EVP_MD *algo)
> +{
> + size_t dstlen;
> +
> + if (EVP_DigestInit_ex(ctx, algo, NULL) <= 0)
> + goto process_auth_err;
> +
> + if (EVP_DigestUpdate(ctx, (char *)src, srclen) <= 0)
> + goto process_auth_err;
> +
> + if (EVP_DigestFinal_ex(ctx, dst, (unsigned int *)&dstlen) <= 0)
> + goto process_auth_err;
> +
> + return 0;
> +
> +process_auth_err:
> + LIBCRYPTO_LOG_ERR("Process libcrypto auth failed");
> + return -EINVAL;
> +}
> +
> +/** Process standard libcrypto auth algorithms with hmac */
> +static int
> +process_libcrypto_auth_hmac(uint8_t *src, uint8_t *dst,
> + __rte_unused uint8_t *iv, EVP_PKEY *pkey,
> + int srclen, EVP_MD_CTX *ctx, const EVP_MD *algo)
> +{
> + size_t dstlen;
> +
> + if (EVP_DigestSignInit(ctx, NULL, algo, NULL, pkey) <= 0)
> + goto process_auth_err;
> +
> + if (EVP_DigestSignUpdate(ctx, (char *)src, srclen) <= 0)
> + goto process_auth_err;
> +
> + if (EVP_DigestSignFinal(ctx, dst, &dstlen) <= 0)
> + goto process_auth_err;
> +
> + return 0;
> +
> +process_auth_err:
> + LIBCRYPTO_LOG_ERR("Process libcrypto auth failed");
> + return -EINVAL;
> +}
> +
> +/*----------------------------------------------------------------------------*/
> +
next prev parent reply other threads:[~2016-09-12 11:17 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-08-26 7:21 [dpdk-dev] [PATCH 0/4] New crypto software based device Piotr Azarewicz
2016-08-26 7:21 ` [dpdk-dev] [PATCH 1/4] libcrypto_pmd: initial implementation of SW crypto device Piotr Azarewicz
[not found] ` <CAOysbxoNTyTkz2A9oteLj2LfExObqnjSSsQK=s6p0kVuaEcS9g@mail.gmail.com>
2016-09-08 15:50 ` Zbigniew Bodek
2016-09-12 11:16 ` Akhil Goyal [this message]
2016-09-14 8:48 ` Jastrzebski, MichalX K
2016-10-11 9:50 ` Mrozowicz, SlawomirX
2016-08-26 7:21 ` [dpdk-dev] [PATCH 2/4] lib/cryptodev: added support to libcrypto PMD Piotr Azarewicz
2016-08-26 7:21 ` [dpdk-dev] [PATCH 3/4] app/test: added tests for " Piotr Azarewicz
2016-08-26 7:21 ` [dpdk-dev] [PATCH 4/4] examples/l2fwd-crypto: updated example " Piotr Azarewicz
2016-09-07 18:52 ` [dpdk-dev] [PATCH 0/4] New crypto software based device De Lara Guarch, Pablo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4d920e7a-cebc-4ece-e5a2-dccfc3e66a3b@nxp.com \
--to=akhil.goyal@nxp.com \
--cc=danielx.t.mrzyglod@intel.com \
--cc=declan.doherty@intel.com \
--cc=dev@dpdk.org \
--cc=marcinx.kerlin@intel.com \
--cc=michalx.kobylinski@intel.com \
--cc=piotrx.t.azarewicz@intel.com \
--cc=slawomirx.mrozowicz@intel.com \
--cc=tomaszx.kulasek@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).