[dpdk-dev] [PATCH] examples/l2fwd-crypto: support cipher multiple data-unit

[dpdk-dev] [PATCH] examples/l2fwd-crypto: support cipher multiple data-unit

[Matan Azrad]

Patch [1] added a new API to support multiple data-units in cipher
operations.

Add a support for this API:
- Add a new command-line argument to provide the data-unit length.
- Set the length in the cipher xform.
- Validate device capabilities for this feature.
- Pad the AES-XTS operation length to be aligned to the defined data-unit.

[1]: commit d014dddb2d69 ("cryptodev: support multiple cipher data-units")

Signed-off-by: Matan Azrad <matan@nvidia.com>
---
 .../sample_app_ug/l2_forward_crypto.rst       |  7 ++-
 examples/l2fwd-crypto/main.c                  | 61 +++++++++++++++++++
 2 files changed, 66 insertions(+), 2 deletions(-)

diff --git a/doc/guides/sample_app_ug/l2_forward_crypto.rst b/doc/guides/sample_app_ug/l2_forward_crypto.rst
index e2c0f9f1ec..cc772aaec4 100644
--- a/doc/guides/sample_app_ug/l2_forward_crypto.rst
+++ b/doc/guides/sample_app_ug/l2_forward_crypto.rst
@@ -41,8 +41,9 @@ The application requires a number of command line options:
 
     ./<build_dir>/examples/dpdk-l2fwd-crypto [EAL options] -- [-p PORTMASK] [-q NQ] [-s] [-T PERIOD] /
     [--cdev_type HW/SW/ANY] [--chain HASH_CIPHER/CIPHER_HASH/CIPHER_ONLY/HASH_ONLY/AEAD] /
-    [--cipher_algo ALGO] [--cipher_op ENCRYPT/DECRYPT] [--cipher_key KEY] /
-    [--cipher_key_random_size SIZE] [--cipher_iv IV] [--cipher_iv_random_size SIZE] /
+    [--cipher_algo ALGO] [--cipher_op ENCRYPT/DECRYPT] [--cipher_dataunit_len SIZE] /
+    [--cipher_key KEY] [--cipher_key_random_size SIZE] [--cipher_iv IV] /
+    [--cipher_iv_random_size SIZE] /
     [--auth_algo ALGO] [--auth_op GENERATE/VERIFY] [--auth_key KEY] /
     [--auth_key_random_size SIZE] [--auth_iv IV] [--auth_iv_random_size SIZE] /
     [--aead_algo ALGO] [--aead_op ENCRYPT/DECRYPT] [--aead_key KEY] /
@@ -81,6 +82,8 @@ where,
 
     (default is ENCRYPT)
 
+*   cipher_dataunit_len: set the length of the cipher data-unit.
+
 *   cipher_key: set the ciphering key to be used. Bytes has to be separated with ":"
 
 *   cipher_key_random_size: set the size of the ciphering key,
diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index 4f51616492..22bd47061b 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -182,6 +182,8 @@ struct l2fwd_crypto_params {
 	unsigned digest_length;
 	unsigned block_size;
 
+	uint16_t cipher_dataunit_len;
+
 	struct l2fwd_iv cipher_iv;
 	struct l2fwd_iv auth_iv;
 	struct l2fwd_iv aead_iv;
@@ -434,6 +436,12 @@ l2fwd_simple_crypto_enqueue(struct rte_mbuf *m,
 				pad_len = cparams->block_size -
 					(data_len % cparams->block_size);
 			break;
+		case RTE_CRYPTO_CIPHER_AES_XTS:
+			if (cparams->cipher_dataunit_len != 0 &&
+			    (data_len % cparams->cipher_dataunit_len))
+				pad_len = cparams->cipher_dataunit_len -
+					(data_len % cparams->cipher_dataunit_len);
+			break;
 		default:
 			pad_len = 0;
 		}
@@ -827,6 +835,8 @@ l2fwd_main_loop(struct l2fwd_crypto_options *options)
 						port_cparams[i].cipher_iv.length);
 
 			port_cparams[i].cipher_algo = options->cipher_xform.cipher.algo;
+			port_cparams[i].cipher_dataunit_len =
+				options->cipher_xform.cipher.dataunit_len;
 			/* Set IV parameters */
 			options->cipher_xform.cipher.iv.offset = IV_OFFSET;
 			options->cipher_xform.cipher.iv.length =
@@ -989,6 +999,7 @@ l2fwd_crypto_usage(const char *prgname)
 		"  --cipher_key_random_size SIZE: size of cipher key when generated randomly\n"
 		"  --cipher_iv IV (bytes separated with \":\")\n"
 		"  --cipher_iv_random_size SIZE: size of cipher IV when generated randomly\n"
+		"  --cipher_dataunit_len SIZE: length of the algorithm data-unit\n"
 
 		"  --auth_algo ALGO\n"
 		"  --auth_op GENERATE / VERIFY\n"
@@ -1215,6 +1226,7 @@ l2fwd_crypto_parse_args_long_options(struct l2fwd_crypto_options *options,
 		struct option *lgopts, int option_index)
 {
 	int retval;
+	int val;
 
 	if (strcmp(lgopts[option_index].name, "cdev_type") == 0) {
 		retval = parse_cryptodev_type(&options->type, optarg);
@@ -1245,6 +1257,16 @@ l2fwd_crypto_parse_args_long_options(struct l2fwd_crypto_options *options,
 			return -1;
 	}
 
+	else if (strcmp(lgopts[option_index].name, "cipher_dataunit_len") == 0) {
+		retval = parse_size(&val, optarg);
+		if (retval == 0 && val >= 0 && val <= UINT16_MAX) {
+			options->cipher_xform.cipher.dataunit_len =
+								(uint16_t)val;
+			return 0;
+		} else
+			return -1;
+	}
+
 	else if (strcmp(lgopts[option_index].name, "cipher_key_random_size") == 0)
 		return parse_size(&options->ckey_random_size, optarg);
 
@@ -1469,6 +1491,7 @@ l2fwd_crypto_default_options(struct l2fwd_crypto_options *options)
 
 	options->cipher_xform.cipher.algo = RTE_CRYPTO_CIPHER_AES_CBC;
 	options->cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT;
+	options->cipher_xform.cipher.dataunit_len = 0;
 
 	/* Authentication Data */
 	options->auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
@@ -1644,6 +1667,7 @@ l2fwd_crypto_parse_args(struct l2fwd_crypto_options *options,
 			{ "cipher_key_random_size", required_argument, 0, 0 },
 			{ "cipher_iv", required_argument, 0, 0 },
 			{ "cipher_iv_random_size", required_argument, 0, 0 },
+			{ "cipher_dataunit_len", required_argument, 0, 0},
 
 			{ "auth_algo", required_argument, 0, 0 },
 			{ "auth_op", required_argument, 0, 0 },
@@ -2158,6 +2182,43 @@ check_capabilities(struct l2fwd_crypto_options *options, uint8_t cdev_id)
 				return -1;
 			}
 		}
+
+		if (options->cipher_xform.cipher.dataunit_len > 0) {
+			if (!(dev_info.feature_flags &
+				RTE_CRYPTODEV_FF_CIPHER_MULTIPLE_DATA_UNITS)) {
+					RTE_LOG(DEBUG, USER1,
+						"Device %u does not support "
+						"cipher multiple data units\n",
+						cdev_id);
+					return -1;
+			}
+			if (cap->sym.cipher.dataunit_set != 0) {
+				int ret = 0;
+
+				switch (options->cipher_xform.cipher.dataunit_len) {
+				case 512:
+					if (!(cap->sym.cipher.dataunit_set &
+						RTE_CRYPTO_CIPHER_DATA_UNIT_LEN_512_BYTES))
+						ret = -1;
+					break;
+				case 4096:
+					if (!(cap->sym.cipher.dataunit_set &
+						RTE_CRYPTO_CIPHER_DATA_UNIT_LEN_4096_BYTES))
+						ret = -1;
+					break;
+				default:
+					ret = -1;
+				}
+				if (ret == -1) {
+					RTE_LOG(DEBUG, USER1,
+						"Device %u does not support "
+						"data-unit length %u\n",
+						cdev_id,
+						options->cipher_xform.cipher.dataunit_len);
+					return -1;
+				}
+			}
+		}
 	}
 
 	/* Set auth parameters */
-- 
2.25.1

[dpdk-dev] [PATCH v2] examples/l2fwd-crypto: support cipher multiple data-unit

[Matan Azrad]

The support for multiple data-units includes the next:
- Add a new command-line argument to provide the data-unit length.
- Set the length in the cipher xform.
- Validate device capabilities for this feature.
- Pad the AES-XTS operation length to be aligned to the defined data-unit.

Signed-off-by: Matan Azrad <matan@nvidia.com>
---

v2: remove the feature patch reference.

 .../sample_app_ug/l2_forward_crypto.rst       |  7 ++-
 examples/l2fwd-crypto/main.c                  | 61 +++++++++++++++++++
 2 files changed, 66 insertions(+), 2 deletions(-)

diff --git a/doc/guides/sample_app_ug/l2_forward_crypto.rst b/doc/guides/sample_app_ug/l2_forward_crypto.rst
index e2c0f9f1ec..cc772aaec4 100644
--- a/doc/guides/sample_app_ug/l2_forward_crypto.rst
+++ b/doc/guides/sample_app_ug/l2_forward_crypto.rst
@@ -41,8 +41,9 @@ The application requires a number of command line options:
 
     ./<build_dir>/examples/dpdk-l2fwd-crypto [EAL options] -- [-p PORTMASK] [-q NQ] [-s] [-T PERIOD] /
     [--cdev_type HW/SW/ANY] [--chain HASH_CIPHER/CIPHER_HASH/CIPHER_ONLY/HASH_ONLY/AEAD] /
-    [--cipher_algo ALGO] [--cipher_op ENCRYPT/DECRYPT] [--cipher_key KEY] /
-    [--cipher_key_random_size SIZE] [--cipher_iv IV] [--cipher_iv_random_size SIZE] /
+    [--cipher_algo ALGO] [--cipher_op ENCRYPT/DECRYPT] [--cipher_dataunit_len SIZE] /
+    [--cipher_key KEY] [--cipher_key_random_size SIZE] [--cipher_iv IV] /
+    [--cipher_iv_random_size SIZE] /
     [--auth_algo ALGO] [--auth_op GENERATE/VERIFY] [--auth_key KEY] /
     [--auth_key_random_size SIZE] [--auth_iv IV] [--auth_iv_random_size SIZE] /
     [--aead_algo ALGO] [--aead_op ENCRYPT/DECRYPT] [--aead_key KEY] /
@@ -81,6 +82,8 @@ where,
 
     (default is ENCRYPT)
 
+*   cipher_dataunit_len: set the length of the cipher data-unit.
+
 *   cipher_key: set the ciphering key to be used. Bytes has to be separated with ":"
 
 *   cipher_key_random_size: set the size of the ciphering key,
diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index 4f51616492..22bd47061b 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -182,6 +182,8 @@ struct l2fwd_crypto_params {
 	unsigned digest_length;
 	unsigned block_size;
 
+	uint16_t cipher_dataunit_len;
+
 	struct l2fwd_iv cipher_iv;
 	struct l2fwd_iv auth_iv;
 	struct l2fwd_iv aead_iv;
@@ -434,6 +436,12 @@ l2fwd_simple_crypto_enqueue(struct rte_mbuf *m,
 				pad_len = cparams->block_size -
 					(data_len % cparams->block_size);
 			break;
+		case RTE_CRYPTO_CIPHER_AES_XTS:
+			if (cparams->cipher_dataunit_len != 0 &&
+			    (data_len % cparams->cipher_dataunit_len))
+				pad_len = cparams->cipher_dataunit_len -
+					(data_len % cparams->cipher_dataunit_len);
+			break;
 		default:
 			pad_len = 0;
 		}
@@ -827,6 +835,8 @@ l2fwd_main_loop(struct l2fwd_crypto_options *options)
 						port_cparams[i].cipher_iv.length);
 
 			port_cparams[i].cipher_algo = options->cipher_xform.cipher.algo;
+			port_cparams[i].cipher_dataunit_len =
+				options->cipher_xform.cipher.dataunit_len;
 			/* Set IV parameters */
 			options->cipher_xform.cipher.iv.offset = IV_OFFSET;
 			options->cipher_xform.cipher.iv.length =
@@ -989,6 +999,7 @@ l2fwd_crypto_usage(const char *prgname)
 		"  --cipher_key_random_size SIZE: size of cipher key when generated randomly\n"
 		"  --cipher_iv IV (bytes separated with \":\")\n"
 		"  --cipher_iv_random_size SIZE: size of cipher IV when generated randomly\n"
+		"  --cipher_dataunit_len SIZE: length of the algorithm data-unit\n"
 
 		"  --auth_algo ALGO\n"
 		"  --auth_op GENERATE / VERIFY\n"
@@ -1215,6 +1226,7 @@ l2fwd_crypto_parse_args_long_options(struct l2fwd_crypto_options *options,
 		struct option *lgopts, int option_index)
 {
 	int retval;
+	int val;
 
 	if (strcmp(lgopts[option_index].name, "cdev_type") == 0) {
 		retval = parse_cryptodev_type(&options->type, optarg);
@@ -1245,6 +1257,16 @@ l2fwd_crypto_parse_args_long_options(struct l2fwd_crypto_options *options,
 			return -1;
 	}
 
+	else if (strcmp(lgopts[option_index].name, "cipher_dataunit_len") == 0) {
+		retval = parse_size(&val, optarg);
+		if (retval == 0 && val >= 0 && val <= UINT16_MAX) {
+			options->cipher_xform.cipher.dataunit_len =
+								(uint16_t)val;
+			return 0;
+		} else
+			return -1;
+	}
+
 	else if (strcmp(lgopts[option_index].name, "cipher_key_random_size") == 0)
 		return parse_size(&options->ckey_random_size, optarg);
 
@@ -1469,6 +1491,7 @@ l2fwd_crypto_default_options(struct l2fwd_crypto_options *options)
 
 	options->cipher_xform.cipher.algo = RTE_CRYPTO_CIPHER_AES_CBC;
 	options->cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT;
+	options->cipher_xform.cipher.dataunit_len = 0;
 
 	/* Authentication Data */
 	options->auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
@@ -1644,6 +1667,7 @@ l2fwd_crypto_parse_args(struct l2fwd_crypto_options *options,
 			{ "cipher_key_random_size", required_argument, 0, 0 },
 			{ "cipher_iv", required_argument, 0, 0 },
 			{ "cipher_iv_random_size", required_argument, 0, 0 },
+			{ "cipher_dataunit_len", required_argument, 0, 0},
 
 			{ "auth_algo", required_argument, 0, 0 },
 			{ "auth_op", required_argument, 0, 0 },
@@ -2158,6 +2182,43 @@ check_capabilities(struct l2fwd_crypto_options *options, uint8_t cdev_id)
 				return -1;
 			}
 		}
+
+		if (options->cipher_xform.cipher.dataunit_len > 0) {
+			if (!(dev_info.feature_flags &
+				RTE_CRYPTODEV_FF_CIPHER_MULTIPLE_DATA_UNITS)) {
+					RTE_LOG(DEBUG, USER1,
+						"Device %u does not support "
+						"cipher multiple data units\n",
+						cdev_id);
+					return -1;
+			}
+			if (cap->sym.cipher.dataunit_set != 0) {
+				int ret = 0;
+
+				switch (options->cipher_xform.cipher.dataunit_len) {
+				case 512:
+					if (!(cap->sym.cipher.dataunit_set &
+						RTE_CRYPTO_CIPHER_DATA_UNIT_LEN_512_BYTES))
+						ret = -1;
+					break;
+				case 4096:
+					if (!(cap->sym.cipher.dataunit_set &
+						RTE_CRYPTO_CIPHER_DATA_UNIT_LEN_4096_BYTES))
+						ret = -1;
+					break;
+				default:
+					ret = -1;
+				}
+				if (ret == -1) {
+					RTE_LOG(DEBUG, USER1,
+						"Device %u does not support "
+						"data-unit length %u\n",
+						cdev_id,
+						options->cipher_xform.cipher.dataunit_len);
+					return -1;
+				}
+			}
+		}
 	}
 
 	/* Set auth parameters */
-- 
2.25.1

Re: [dpdk-dev] [EXT] [PATCH v2] examples/l2fwd-crypto: support cipher multiple data-unit

[Akhil Goyal]

> The support for multiple data-units includes the next:
> - Add a new command-line argument to provide the data-unit length.
> - Set the length in the cipher xform.
> - Validate device capabilities for this feature.
> - Pad the AES-XTS operation length to be aligned to the defined data-unit.
> 
> Signed-off-by: Matan Azrad <matan@nvidia.com>
> ---
Acked-by: Akhil Goyal <gakhil@marvell.com>
Applied to dpdk-next-crypto

Thanks