From: Matan Azrad <matan@nvidia.com>
To: dev@dpdk.org
Cc: akhil.goyal@nxp.com, Declan Doherty <declan.doherty@intel.com>,
Somalapuram Amaranath <asomalap@amd.com>,
Ruifeng Wang <ruifeng.wang@arm.com>,
Ajit Khaparde <ajit.khaparde@broadcom.com>,
Anoob Joseph <anoobj@marvell.com>,
Fan Zhang <roy.fan.zhang@intel.com>,
John Griffin <john.griffin@intel.com>,
Pablo de Lara <pablo.de.lara.guarch@intel.com>,
Michael Shamis <michaelsh@marvell.com>,
Nagadheeraj Rottela <rnagadheeraj@marvell.com>,
Ankur Dwivedi <adwivedi@marvell.com>,
Gagandeep Singh <g.singh@nxp.com>,
Jay Zhou <jianjay.zhou@huawei.com>,
ArkadiuszX Kusztal <arkadiuszx.kusztal@intel.com>,
sashakot@nvidia.com, oren@nvidia.com,
Shiri Kuzin <shirik@nvidia.com>
Subject: [dpdk-dev] [PATCH] cryptodev: support multiple cipher data-units
Date: Sun, 14 Mar 2021 12:18:03 +0000 [thread overview]
Message-ID: <1615724283-26149-1-git-send-email-matan@nvidia.com> (raw)
In-Reply-To: <1612449252-395208-1-git-send-email-matan@nvidia.com>
In cryptography, a block cipher is a deterministic algorithm operating
on fixed-length groups of bits, called blocks.
A block cipher consists of two paired algorithms, one for encryption
and the other for decryption. Both algorithms accept two inputs:
an input block of size n bits and a key of size k bits; and both yield
an n-bit output block. The decryption algorithm is defined to be the
inverse function of the encryption.
For AES standard the block size is 16 bytes.
For AES in XTS mode, the data to be encrypted\decrypted does not have to
be multiple of 16B size, the unit of data is called data-unit.
The data-unit size can be any size in range [16B, 2^24B], so, in this
case, a data stream is divided into N amount of equal data-units and
must be encrypted\decrypted in the same data-unit resolution.
The current cryptodev API doesn't allow the user to select a specific
data-unit length supported by the devices.
In addition, there is no definition how the IV is detected per data-unit
when single operation includes more than one data-unit.
That causes applications to use single operation per data-unit even though
all the data is continuous in memory what reduces datapath performance.
Add a new feature flag to support multiple data-unit sizes, called
RTE_CRYPTODEV_FF_CIPHER_MULITPLE_DATA_UNITS.
Add a new field in cipher capability, called dataunit_set,
where the devices can report the range of the supported data-unit sizes.
Add a new cipher transformation field, called dataunit_len, where the user
can select the data-unit length for all the operations.
All the new fields do not change the size of their structures.
Using a bitmap to report the supported data-unit sizes capability allows
the devices to report a range simply as same as the user to read it
simply. also, thus sizes are usually common and probably will be shared
among different devices.
Signed-off-by: Matan Azrad <matan@nvidia.com>
---
First patch on it was sent as RFC.
This is first formal version, I updated according to comments on RFC discussions:
- Use data-unit term instead of block.
- Update cipher length description in OP.
- Improve descriptions on xform and capability.
- Improve commit log.
You welcome to comment more.
Please pay attention that a new fields was added in non-experimental structures but thier sizes hasn't changed.
doc/guides/cryptodevs/features/default.ini | 1 +
doc/guides/cryptodevs/overview.rst | 3 +++
doc/guides/rel_notes/release_21_05.rst | 6 ++++++
lib/librte_cryptodev/rte_crypto_sym.h | 17 +++++++++++++++--
lib/librte_cryptodev/rte_cryptodev.c | 2 ++
lib/librte_cryptodev/rte_cryptodev.h | 18 ++++++++++++++++++
6 files changed, 45 insertions(+), 2 deletions(-)
diff --git a/doc/guides/cryptodevs/features/default.ini b/doc/guides/cryptodevs/features/default.ini
index 17b177f..978bb30 100644
--- a/doc/guides/cryptodevs/features/default.ini
+++ b/doc/guides/cryptodevs/features/default.ini
@@ -31,6 +31,7 @@ CPU crypto =
Symmetric sessionless =
Non-Byte aligned data =
Sym raw data path API =
+Cipher multiple data units =
;
; Supported crypto algorithms of a default crypto driver.
diff --git a/doc/guides/cryptodevs/overview.rst b/doc/guides/cryptodevs/overview.rst
index e2a1e08..0597d25 100644
--- a/doc/guides/cryptodevs/overview.rst
+++ b/doc/guides/cryptodevs/overview.rst
@@ -46,6 +46,9 @@ Supported Feature Flags
- "Digest encrypted" feature flag means PMD support hash-cipher cases,
where generated digest is appended to and encrypted with the data.
+ - "CIPHER_MULITPLE_DATA_UNITS" feature flag means PMD support operations
+ on multiple data-units message.
+
Supported Cipher Algorithms
---------------------------
diff --git a/doc/guides/rel_notes/release_21_05.rst b/doc/guides/rel_notes/release_21_05.rst
index 88e7607..e4e41df 100644
--- a/doc/guides/rel_notes/release_21_05.rst
+++ b/doc/guides/rel_notes/release_21_05.rst
@@ -91,6 +91,12 @@ New Features
* Added a command line option to configure forced speed for Ethernet port.
``dpdk-testpmd -c 0xff -- -i --eth-link-speed N``
+* **Added feature to support multiple data-units on cryptodev library API.**
+
+ The Cryptodev library has been enhanced to allow operations on multiple
+ data-units for AES-XTS algorithm, the data-unit length should be set in the
+ transformation. A capability for it was added too.
+
Removed Items
-------------
diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
index 9d572ec..6a07666 100644
--- a/lib/librte_cryptodev/rte_crypto_sym.h
+++ b/lib/librte_cryptodev/rte_crypto_sym.h
@@ -265,6 +265,18 @@ struct rte_crypto_cipher_xform {
* which can be in the range 7 to 13 inclusive.
*/
} iv; /**< Initialisation vector parameters */
+
+ uint32_t dataunit_len;
+ /**< When RTE_CRYPTODEV_FF_CIPHER_MULITPLE_DATA_UNITS is enabled,
+ * this is the data-unit length of the algorithm, otherwise or when the
+ * value is 0, use the operation length.
+ * The value should be in the range defined by the dataunit_set field
+ * in the cipher capability.
+ *
+ * - For AES-XTS it is the size of data-unit, from IEEE Std 1619-2007.
+ * For-each data-unit in the operation, the tweak(IV) value is
+ * assigned consecutively starting from the operation assigned IV.
+ */
};
/** Symmetric Authentication / Hash Algorithms
@@ -701,9 +713,10 @@ struct rte_crypto_sym_op {
/**< The message length, in bytes, of the
* source buffer on which the cryptographic
* operation will be computed.
+ * This is also the same as the result length.
* This must be a multiple of the block size
- * if a block cipher is being used. This is
- * also the same as the result length.
+ * or a multiple of data-unit length as
+ * described in xform.
*
* @note
* For SNOW 3G @ RTE_CRYPTO_AUTH_SNOW3G_UEA2,
diff --git a/lib/librte_cryptodev/rte_cryptodev.c b/lib/librte_cryptodev/rte_cryptodev.c
index 40f55a3..51f8448 100644
--- a/lib/librte_cryptodev/rte_cryptodev.c
+++ b/lib/librte_cryptodev/rte_cryptodev.c
@@ -617,6 +617,8 @@ struct rte_cryptodev_sym_session_pool_private_data {
return "SYM_SESSIONLESS";
case RTE_CRYPTODEV_FF_NON_BYTE_ALIGNED_DATA:
return "NON_BYTE_ALIGNED_DATA";
+ case RTE_CRYPTODEV_FF_CIPHER_MULITPLE_DATA_UNITS:
+ return "CIPHER_MULITPLE_DATA_UNITS";
default:
return NULL;
}
diff --git a/lib/librte_cryptodev/rte_cryptodev.h b/lib/librte_cryptodev/rte_cryptodev.h
index ae34f33..cd914ff 100644
--- a/lib/librte_cryptodev/rte_cryptodev.h
+++ b/lib/librte_cryptodev/rte_cryptodev.h
@@ -96,6 +96,17 @@ struct rte_crypto_param_range {
};
/**
+ * Data-unit lengths of cipher algorithms, each bit represents single or
+ * range of data-unit lengths
+ */
+#define RTE_CRYPTO_CIPHER_DATA_UNIT_LEN_512_BYTES (1 << 0)
+#define RTE_CRYPTO_CIPHER_DATA_UNIT_LEN_520_BYTES (1 << 1)
+#define RTE_CRYPTO_CIPHER_DATA_UNIT_LEN_4048_BYTES (1 << 2)
+#define RTE_CRYPTO_CIPHER_DATA_UNIT_LEN_4096_BYTES (1 << 3)
+#define RTE_CRYPTO_CIPHER_DATA_UNIT_LEN_4160_BYTES (1 << 4)
+#define RTE_CRYPTO_CIPHER_DATA_UNIT_LEN_1M_BYTES (1 << 5)
+
+/**
* Symmetric Crypto Capability
*/
struct rte_cryptodev_symmetric_capability {
@@ -127,6 +138,11 @@ struct rte_cryptodev_symmetric_capability {
/**< cipher key size range */
struct rte_crypto_param_range iv_size;
/**< Initialisation vector data size range */
+ uint32_t dataunit_set;
+ /**<
+ * A bitmap for a set of the supported data-unit lengths
+ * 0 for any defined length in the algorithm standard
+ */
} cipher;
/**< Symmetric Cipher transform capabilities */
struct {
@@ -461,6 +477,8 @@ struct rte_cryptodev_asym_capability_idx {
/**< Support operations on data which is not byte aligned */
#define RTE_CRYPTODEV_FF_SYM_RAW_DP (1ULL << 24)
/**< Support accelerator specific symmetric raw data-path APIs */
+#define RTE_CRYPTODEV_FF_CIPHER_MULITPLE_DATA_UNITS (1ULL << 25)
+/**< Support operations on multiple data-units data */
/**
* Get the name of a crypto device feature flag
--
1.8.3.1
next prev parent reply other threads:[~2021-03-14 12:18 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-04 14:34 [dpdk-dev] [PATCH] cryptodev: support multiple cipher block sizes Matan Azrad
2021-02-05 16:50 ` Zhang, Roy Fan
2021-02-08 12:10 ` Kusztal, ArkadiuszX
2021-02-08 13:36 ` Matan Azrad
2021-02-08 15:28 ` Kusztal, ArkadiuszX
2021-02-08 18:23 ` Matan Azrad
2021-02-26 7:50 ` Kusztal, ArkadiuszX
2021-02-26 5:01 ` [dpdk-dev] [EXT] " Anoob Joseph
2021-03-01 7:55 ` Matan Azrad
2021-03-01 9:29 ` Kusztal, ArkadiuszX
2021-03-14 12:18 ` Matan Azrad [this message]
2021-04-04 15:17 ` [dpdk-dev] [PATCH v2] cryptodev: support multiple cipher data-units Matan Azrad
[not found] ` <20210404150809.2154241-1-matan@nvidia.com>
2021-04-13 12:02 ` [dpdk-dev] [EXT] " Akhil Goyal
2021-04-13 16:39 ` Thomas Monjalon
2021-04-13 18:19 ` [dpdk-dev] [PATCH v3] " Thomas Monjalon
2021-04-13 19:48 ` Matan Azrad
2021-04-13 20:42 ` [dpdk-dev] [PATCH v4] " Thomas Monjalon
2021-04-14 18:37 ` [dpdk-dev] [EXT] " Akhil Goyal
2021-04-14 19:38 ` Thomas Monjalon
2021-04-14 19:43 ` Akhil Goyal
2021-04-14 20:17 ` Thomas Monjalon
2021-04-14 20:15 ` [dpdk-dev] [PATCH] doc: announce extension of crypto data-unit length Thomas Monjalon
2021-05-17 19:41 ` [dpdk-dev] [EXT] " Akhil Goyal
2021-07-31 17:10 ` Thomas Monjalon
2021-07-31 18:58 ` [dpdk-dev] " Ajit Khaparde
2021-08-02 11:10 ` Matan Azrad
2021-08-02 12:04 ` Thomas Monjalon
2021-04-14 20:21 ` [dpdk-dev] [PATCH v5] cryptodev: support multiple cipher data-units Thomas Monjalon
2021-04-15 8:35 ` [dpdk-dev] [EXT] " Akhil Goyal
2021-04-15 19:01 ` Akhil Goyal
2021-04-15 19:31 ` David Marchand
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1615724283-26149-1-git-send-email-matan@nvidia.com \
--to=matan@nvidia.com \
--cc=adwivedi@marvell.com \
--cc=ajit.khaparde@broadcom.com \
--cc=akhil.goyal@nxp.com \
--cc=anoobj@marvell.com \
--cc=arkadiuszx.kusztal@intel.com \
--cc=asomalap@amd.com \
--cc=declan.doherty@intel.com \
--cc=dev@dpdk.org \
--cc=g.singh@nxp.com \
--cc=jianjay.zhou@huawei.com \
--cc=john.griffin@intel.com \
--cc=michaelsh@marvell.com \
--cc=oren@nvidia.com \
--cc=pablo.de.lara.guarch@intel.com \
--cc=rnagadheeraj@marvell.com \
--cc=roy.fan.zhang@intel.com \
--cc=ruifeng.wang@arm.com \
--cc=sashakot@nvidia.com \
--cc=shirik@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).