From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 3B561A2EFC for ; Thu, 19 Sep 2019 17:57:58 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 2924E1F10E; Thu, 19 Sep 2019 17:57:57 +0200 (CEST) Received: from EUR01-DB5-obe.outbound.protection.outlook.com (mail-eopbgr150075.outbound.protection.outlook.com [40.107.15.75]) by dpdk.org (Postfix) with ESMTP id BFC9C1F108 for ; Thu, 19 Sep 2019 17:57:55 +0200 (CEST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Yv/GVZfWAP1k95Gn/Hyp+sGHrLwLG7HYBqHh2BEEN/uGO47DWqNFrb5qvLVckTSw1ZgXYgKbaTGPUwwGL+CUqpobpXhiLaLqOZWRo65ePhrHGOArp5v5vVl41QxjdEDKFlccjEGJe3Olf3+I8Z3cnHFVh9lwIgQR3ai8XviLo+3yeh1sbB3FEhSHaoyDRxFqUL6eE6UryLpneG5Zpz/Xe1UAWI61pMlG1FbnGre86Ln2YmxBjiYiVJnvrbdECLyRMjPwY4BiHY3PfEGM6bHabdJa0KjWG7gEb/wXZkBSjI9i2JNzEgX6st1wb8CDn6BBQ+Max6PFDQTBXF6J9niJXQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=LVrSmRhdYMFOvhHfqAnt4BAIaiBP8FF3NfaicMGlxhk=; b=WJHxt/9ctcKx12hz1DaIJOuHRXKA/YQyB/BA9udo0d30SUEFh/OUwP7IHt8/8+mA0g9tfAPuBAn8dk4S5ye8GDfUV3vENcioBuGVFrPRP1bkXY5l6PUyT7ZEAVehN3sMkVswkv3xGAH20FtEyAmaC/0HnSM5QGUjlg9cY1TGQ5cS/ly1/YR1EdNhsRVSWX8RpMpstNfajo8aSUuyRxC0Mj3zxER1Wd3XKxvupqZsXuI4QG7n1dM0sJ6HkeR4c0k45rIp9O1z5g22iS6vgvF97Je+GWUx4edUz6DycNWAhsy0REefMK/QJIUMk4AzMVVYacLZERqdIBc/qOjB4yQTBA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nxp.com; dmarc=pass action=none header.from=nxp.com; dkim=pass header.d=nxp.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nxp.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=LVrSmRhdYMFOvhHfqAnt4BAIaiBP8FF3NfaicMGlxhk=; b=GY4Z2zMVhxJyxg907xUud3r0eV3QBFP+7lmXzxRK94Lm6wFAc8M3aXNO6TUWnVpwBejH7cqpR1AGKkAt6zbkwUKKAuExfWGePosIP3sLJ/VXaMtubr10AB/k81zIg0eQyfoJ1dhhTteZ2QwFzWHlMFnH+x8lS+W3gZpEkblz7cA= Received: from DB8PR04MB6635.eurprd04.prod.outlook.com (20.179.251.20) by DB8PR04MB6665.eurprd04.prod.outlook.com (20.179.251.149) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2263.20; Thu, 19 Sep 2019 15:57:54 +0000 Received: from DB8PR04MB6635.eurprd04.prod.outlook.com ([fe80::5078:877a:878f:52a]) by DB8PR04MB6635.eurprd04.prod.outlook.com ([fe80::5078:877a:878f:52a%6]) with mapi id 15.20.2263.023; Thu, 19 Sep 2019 15:57:54 +0000 From: Akhil Goyal To: Anoob Joseph , "dev@dpdk.org" CC: Hemant Agrawal , Jerin Jacob Kollanukkaran , "declan.doherty@intel.com" , "konstantin.ananyev@intel.com" , Narayana Prasad Raju Athreya Thread-Topic: [EXT] [PATCH] crypto/openssl: support SG for inplace buffers Thread-Index: AQHVYY3m2Jvtp0fOCEKLH61joF/Y0KcpLXYAgAoOMDA= Date: Thu, 19 Sep 2019 15:57:54 +0000 Message-ID: References: <20190902124234.2314-1-akhil.goyal@nxp.com> In-Reply-To: Accept-Language: en-IN, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=akhil.goyal@nxp.com; x-originating-ip: [92.120.1.70] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 182e83bc-f57c-4017-d7c9-08d73d1a2223 x-ms-office365-filtering-ht: Tenant x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(5600167)(711020)(4605104)(1401327)(4618075)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(2017052603328)(7193020); SRVR:DB8PR04MB6665; x-ms-traffictypediagnostic: DB8PR04MB6665:|DB8PR04MB6665: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:10000; x-forefront-prvs: 016572D96D x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(39860400002)(136003)(376002)(346002)(396003)(366004)(199004)(189003)(8676002)(30864003)(55016002)(64756008)(110136005)(44832011)(86362001)(66946007)(76116006)(7736002)(102836004)(66476007)(5660300002)(6506007)(478600001)(486006)(71190400001)(71200400001)(25786009)(66066001)(33656002)(8936002)(6246003)(446003)(74316002)(316002)(6436002)(256004)(26005)(14454004)(52536014)(76176011)(305945005)(2501003)(4326008)(81156014)(14444005)(81166006)(7696005)(66446008)(6116002)(66556008)(476003)(11346002)(54906003)(99286004)(186003)(3846002)(229853002)(9686003)(2906002); DIR:OUT; SFP:1101; SCL:1; SRVR:DB8PR04MB6665; H:DB8PR04MB6635.eurprd04.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: nxp.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: CgWmHQiSJTU3qDJR9GUnLhoA/KqFlOiqUDN9LpSnOHykVczRoi/n089DxpsdCB/RrpK7dt1I2NBMWXIie7QGDcBj/MBpFQIqmGAjXu7yOYmlNf0/nou1Qy6iiXveVMvjFdlU7TJ8Qwm4+Rul7TQuSlMCmhYvJx0bgwTlXZScy0QZHduy5AX54TZiRO7KeXvR1d1AE/H+Guqs4yFBayrJjGEFBIgUfA4XZuLXYpQ4lRrgQ9RCZUAUkCMarDpWTiM91jUba/fT6UrrWQ1NQYYyq6QT/uJtJProaT3kMOyPnV7EBq2ogaa1dgGPECzE624xF25BQf5BlMno1R3x0safuE4DsAxI0ynRhWx3rpq9uZvalSO8yL/lFnNynXzfIu3i6LUf4BvfQ0qK4zJ4DdNxXX7Ujj8xbR/to+0kfuA7tTo= Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: nxp.com X-MS-Exchange-CrossTenant-Network-Message-Id: 182e83bc-f57c-4017-d7c9-08d73d1a2223 X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Sep 2019 15:57:54.5983 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 686ea1d3-bc2b-4c6f-a92c-d99c5c301635 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: wX6K64+8n0aRs/0F8VimFlH7kk48pjmF+gbO/OWbxrqeSE03SMbeGHeub4D7YDPXu3shLs2cFZenaYbHPmL6GA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB8PR04MB6665 Subject: Re: [dpdk-dev] [EXT] [PATCH] crypto/openssl: support SG for inplace buffers X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Hi Anoob, > Hi Akhil, > > As per current support, scatter Gather is only supported for out of pla= ce > input >=20 > [Anoob] s/scatter/Scatter Ok >=20 > > and output buffers. > > This patch add support for scatter gather for inplace buffers. > > > > Signed-off-by: Akhil Goyal > > --- > > doc/guides/cryptodevs/features/openssl.ini | 1 + > > drivers/crypto/openssl/rte_openssl_pmd.c | 82 +++++++++++++++++--- > -- > > 2 files changed, 64 insertions(+), 19 deletions(-) > > > > diff --git a/doc/guides/cryptodevs/features/openssl.ini > > b/doc/guides/cryptodevs/features/openssl.ini > > index 6ddca39e7..30ffb111d 100644 > > --- a/doc/guides/cryptodevs/features/openssl.ini > > +++ b/doc/guides/cryptodevs/features/openssl.ini > > @@ -6,6 +6,7 @@ > > [Features] > > Symmetric crypto =3D Y > > Sym operation chaining =3D Y > > +In Place SGL =3D Y > > OOP SGL In LB Out =3D Y > > OOP LB In LB Out =3D Y > > Asymmetric crypto =3D Y > > diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c > > b/drivers/crypto/openssl/rte_openssl_pmd.c > > index 2f5552840..304ebc6ff 100644 > > --- a/drivers/crypto/openssl/rte_openssl_pmd.c > > +++ b/drivers/crypto/openssl/rte_openssl_pmd.c > > @@ -798,12 +798,12 @@ get_session(struct openssl_qp *qp, struct > > rte_crypto_op *op) > > */ > > static inline int > > process_openssl_encryption_update(struct rte_mbuf *mbuf_src, int > offset, > > - uint8_t **dst, int srclen, EVP_CIPHER_CTX *ctx) > > + uint8_t **dst, int srclen, EVP_CIPHER_CTX *ctx, uint8_t > inplace) > > { > > struct rte_mbuf *m; > > int dstlen; > > int l, n =3D srclen; > > - uint8_t *src; > > + uint8_t *src, temp[128]; >=20 > [Anoob] What is 128? Wouldn't a macro be better here? Will change it to EVP_CIPHER_CTX_block_size .=20 >=20 > > > > for (m =3D mbuf_src; m !=3D NULL && offset > rte_pktmbuf_data_len(m); > > m =3D m->next) > > @@ -813,6 +813,8 @@ process_openssl_encryption_update(struct > rte_mbuf > > *mbuf_src, int offset, > > return -1; > > > > src =3D rte_pktmbuf_mtod_offset(m, uint8_t *, offset); > > + if (inplace) > > + *dst =3D src; > > > > l =3D rte_pktmbuf_data_len(m) - offset; > > if (srclen <=3D l) { > > @@ -829,8 +831,24 @@ process_openssl_encryption_update(struct > rte_mbuf > > *mbuf_src, int offset, > > n -=3D l; > > > > for (m =3D m->next; (m !=3D NULL) && (n > 0); m =3D m->next) { > > + uint8_t diff =3D l - dstlen, rem; > > + > > src =3D rte_pktmbuf_mtod(m, uint8_t *); > > l =3D rte_pktmbuf_data_len(m) < n ? > rte_pktmbuf_data_len(m) : n; >=20 > [Anoob] Can you explain the logic of below lines? I was trying to underst= and > the two 'rte_memcpy's and how dst is being used there. As per the openssl API manual " EVP_EncryptUpdate() encrypts inl bytes from the buffer in and writes the = encrypted version to out. This function can be called multiple times to enc= rypt successive blocks of data. The amount of data written depends on the b= lock alignment of the encrypted data: as a result the amount of data writte= n may be anything from zero bytes to (inl + cipher_block_size - 1) so out s= hould contain sufficient room. The actual number of bytes written is placed= in outl. It also checks if in and out are partially overlapping, and if th= ey are 0 is returned to indicate failure. " So the problem with SG inline bufs is that if a particular SG is not block = aligned, then it will write less data for that SG. So we need to call EVP_E= ncryptUpdate for the diff bytes of previous SG and take the remaining of th= e block size from the next SG. Now we cannot store that in dst as it is, because it is not a contiguous b= uffer. So will get the output of EVP_EncryptUpdate to temp and copy diff by= tes in previous SG and the remaining bytes to next SG and update pointer ac= cordingly. >=20 > > + if (diff && inplace) { > > + rem =3D l > (EVP_CIPHER_CTX_block_size(ctx) - diff) ? > > + (EVP_CIPHER_CTX_block_size(ctx) - diff) : l; >=20 > [Anoob] Can't we use RTE_MIN here? Yes will change that. >=20 > > + if (EVP_EncryptUpdate(ctx, temp, > > + &dstlen, src, rem) <=3D 0) > > + return -1; > > + n -=3D rem; > > + rte_memcpy(*dst, temp, diff); > > + rte_memcpy(src, temp + diff, rem); > > + src +=3D rem; > > + l -=3D rem; > > + } > > + if (inplace) > > + *dst =3D src; > > if (EVP_EncryptUpdate(ctx, *dst, &dstlen, src, l) <=3D 0) > > return -1; > > *dst +=3D dstlen; > > @@ -842,12 +860,12 @@ process_openssl_encryption_update(struct > rte_mbuf > > *mbuf_src, int offset, > > > > static inline int > > process_openssl_decryption_update(struct rte_mbuf *mbuf_src, int > offset, > > - uint8_t **dst, int srclen, EVP_CIPHER_CTX *ctx) > > + uint8_t **dst, int srclen, EVP_CIPHER_CTX *ctx, uint8_t > inplace) > > { > > struct rte_mbuf *m; > > int dstlen; > > int l, n =3D srclen; > > - uint8_t *src; > > + uint8_t *src, temp[128]; > > > > for (m =3D mbuf_src; m !=3D NULL && offset > rte_pktmbuf_data_len(m); > > m =3D m->next) > > @@ -857,6 +875,8 @@ process_openssl_decryption_update(struct > rte_mbuf > > *mbuf_src, int offset, > > return -1; > > > > src =3D rte_pktmbuf_mtod_offset(m, uint8_t *, offset); > > + if (inplace) > > + *dst =3D src; > > > > l =3D rte_pktmbuf_data_len(m) - offset; > > if (srclen <=3D l) { > > @@ -873,8 +893,24 @@ process_openssl_decryption_update(struct > rte_mbuf > > *mbuf_src, int offset, > > n -=3D l; > > > > for (m =3D m->next; (m !=3D NULL) && (n > 0); m =3D m->next) { > > + uint8_t diff =3D l - dstlen, rem; > > + > > src =3D rte_pktmbuf_mtod(m, uint8_t *); > > l =3D rte_pktmbuf_data_len(m) < n ? > rte_pktmbuf_data_len(m) : n; > > + if (diff && inplace) { > > + rem =3D l > (EVP_CIPHER_CTX_block_size(ctx) - diff) ? > > + (EVP_CIPHER_CTX_block_size(ctx) - diff) : l; > > + if (EVP_EncryptUpdate(ctx, temp, > > + &dstlen, src, rem) <=3D 0) >=20 > [Anoob] Shouldn't this be EVP_DecryptUpdate()? Yes, good catch. >=20 > > + return -1; > > + n -=3D rem; > > + rte_memcpy(*dst, temp, diff); > > + rte_memcpy(src, temp + diff, rem); > > + src +=3D rem; > > + l -=3D rem; > > + } > > + if (inplace) > > + *dst =3D src; > > if (EVP_DecryptUpdate(ctx, *dst, &dstlen, src, l) <=3D 0) > > return -1; > > *dst +=3D dstlen; > > @@ -887,7 +923,8 @@ process_openssl_decryption_update(struct > rte_mbuf > > *mbuf_src, int offset, > > /** Process standard openssl cipher encryption */ static int > > process_openssl_cipher_encrypt(struct rte_mbuf *mbuf_src, uint8_t *dst, > > - int offset, uint8_t *iv, int srclen, EVP_CIPHER_CTX *ctx) > > + int offset, uint8_t *iv, int srclen, EVP_CIPHER_CTX *ctx, > > + uint8_t inplace) > > { > > int totlen; > > > > @@ -897,7 +934,7 @@ process_openssl_cipher_encrypt(struct rte_mbuf > > *mbuf_src, uint8_t *dst, > > EVP_CIPHER_CTX_set_padding(ctx, 0); > > > > if (process_openssl_encryption_update(mbuf_src, offset, &dst, > > - srclen, ctx)) > > + srclen, ctx, inplace)) > > goto process_cipher_encrypt_err; > > > > if (EVP_EncryptFinal_ex(ctx, dst, &totlen) <=3D 0) @@ -936,7 +973,8 > @@ > > process_openssl_cipher_bpi_encrypt(uint8_t *src, uint8_t *dst, > > /** Process standard openssl cipher decryption */ static int > > process_openssl_cipher_decrypt(struct rte_mbuf *mbuf_src, uint8_t *dst, > > - int offset, uint8_t *iv, int srclen, EVP_CIPHER_CTX *ctx) > > + int offset, uint8_t *iv, int srclen, EVP_CIPHER_CTX *ctx, > > + uint8_t inplace) > > { > > int totlen; > > > > @@ -946,7 +984,7 @@ process_openssl_cipher_decrypt(struct rte_mbuf > > *mbuf_src, uint8_t *dst, > > EVP_CIPHER_CTX_set_padding(ctx, 0); > > > > if (process_openssl_decryption_update(mbuf_src, offset, &dst, > > - srclen, ctx)) > > + srclen, ctx, inplace)) > > goto process_cipher_decrypt_err; > > > > if (EVP_DecryptFinal_ex(ctx, dst, &totlen) <=3D 0) @@ -1033,7 +1071,7 > > @@ process_openssl_auth_encryption_gcm(struct rte_mbuf *mbuf_src, > int > > offset, > > > > if (srclen > 0) > > if (process_openssl_encryption_update(mbuf_src, offset, > &dst, > > - srclen, ctx)) > > + srclen, ctx, 0)) > > goto process_auth_encryption_gcm_err; > > > > /* Workaround open ssl bug in version less then 1.0.1f */ @@ - > 1078,7 > > +1116,7 @@ process_openssl_auth_encryption_ccm(struct rte_mbuf > > *mbuf_src, int offset, > > > > if (srclen > 0) > > if (process_openssl_encryption_update(mbuf_src, offset, > &dst, > > - srclen, ctx)) > > + srclen, ctx, 0)) > > goto process_auth_encryption_ccm_err; > > > > if (EVP_EncryptFinal_ex(ctx, dst, &len) <=3D 0) @@ -1115,7 +1153,7 > @@ > > process_openssl_auth_decryption_gcm(struct rte_mbuf *mbuf_src, int > offset, > > > > if (srclen > 0) > > if (process_openssl_decryption_update(mbuf_src, offset, > &dst, > > - srclen, ctx)) > > + srclen, ctx, 0)) > > goto process_auth_decryption_gcm_err; > > > > /* Workaround open ssl bug in version less then 1.0.1f */ @@ - > 1161,7 > > +1199,7 @@ process_openssl_auth_decryption_ccm(struct rte_mbuf > > *mbuf_src, int offset, > > > > if (srclen > 0) > > if (process_openssl_decryption_update(mbuf_src, offset, > &dst, > > - srclen, ctx)) > > + srclen, ctx, 0)) > > return -EFAULT; > > > > return 0; > > @@ -1372,12 +1410,15 @@ process_openssl_cipher_op { > > uint8_t *dst, *iv; > > int srclen, status; > > + uint8_t inplace =3D (mbuf_src =3D=3D mbuf_dst) ? 1 : 0; > > > > /* > > - * Segmented destination buffer is not supported for > > - * encryption/decryption > > + * Segmented OOP destination buffer is not supported for > encryption/ > > + * decryption. In case of des3ctr, even inplace segmented buffers are > > + * not supported. > > */ > > - if (!rte_pktmbuf_is_contiguous(mbuf_dst)) { > > + if (!rte_pktmbuf_is_contiguous(mbuf_dst) && > > + (!inplace || sess->cipher.mode !=3D > > OPENSSL_CIPHER_LIB)) { > > op->status =3D RTE_CRYPTO_OP_STATUS_ERROR; > > return; > > } > > @@ -1393,11 +1434,13 @@ process_openssl_cipher_op > > if (sess->cipher.direction =3D=3D > > RTE_CRYPTO_CIPHER_OP_ENCRYPT) > > status =3D process_openssl_cipher_encrypt(mbuf_src, > dst, > > op->sym->cipher.data.offset, iv, > > - srclen, sess->cipher.ctx); > > + srclen, sess->cipher.ctx, > > + inplace); > > else > > status =3D process_openssl_cipher_decrypt(mbuf_src, > dst, > > op->sym->cipher.data.offset, iv, > > - srclen, sess->cipher.ctx); > > + srclen, sess->cipher.ctx, > > + inplace); > > else > > status =3D process_openssl_cipher_des3ctr(mbuf_src, dst, > > op->sym->cipher.data.offset, iv, > > @@ -1441,7 +1484,7 @@ process_openssl_docsis_bpi_op(struct > rte_crypto_op > > *op, > > /* Encrypt with the block aligned stream with CBC > > mode */ > > status =3D process_openssl_cipher_encrypt(mbuf_src, > dst, > > op->sym->cipher.data.offset, iv, > > - srclen, sess->cipher.ctx); > > + srclen, sess->cipher.ctx, 0); > > if (last_block_len) { > > /* Point at last block */ > > dst +=3D srclen; > > @@ -1491,7 +1534,7 @@ process_openssl_docsis_bpi_op(struct > rte_crypto_op > > *op, > > /* Decrypt with CBC mode */ > > status |=3D process_openssl_cipher_decrypt(mbuf_src, > > dst, > > op->sym->cipher.data.offset, iv, > > - srclen, sess->cipher.ctx); > > + srclen, sess->cipher.ctx, 0); > > } > > } > > > > @@ -2121,6 +2164,7 @@ cryptodev_openssl_create(const char *name, > > dev->feature_flags =3D RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO | > > RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING | > > RTE_CRYPTODEV_FF_CPU_AESNI | > > + RTE_CRYPTODEV_FF_IN_PLACE_SGL | > > RTE_CRYPTODEV_FF_OOP_SGL_IN_LB_OUT | > > RTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT | > > RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO | > > -- > > 2.17.1