From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by dpdk.org (Postfix) with ESMTP id 0C6643DC for ; Mon, 26 Jun 2017 20:22:43 +0200 (CEST) Received: from orsmga004.jf.intel.com ([10.7.209.38]) by fmsmga102.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 26 Jun 2017 11:22:43 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.39,396,1493708400"; d="scan'208";a="101655372" Received: from silpixa00399464.ir.intel.com (HELO silpixa00399464.ger.corp.intel.com) ([10.237.222.157]) by orsmga004.jf.intel.com with ESMTP; 26 Jun 2017 11:22:41 -0700 From: Pablo de Lara To: declan.doherty@intel.com, zbigniew.bodek@caviumnetworks.com, jerin.jacob@caviumnetworks.com, akhil.goyal@nxp.com, hemant.agrawal@nxp.com Cc: dev@dpdk.org, Pablo de Lara Date: Mon, 26 Jun 2017 11:22:33 +0100 Message-Id: <20170626102300.56637-1-pablo.de.lara.guarch@intel.com> X-Mailer: git-send-email 2.9.4 In-Reply-To: <1496005522-134934-1-git-send-email-pablo.de.lara.guarch@intel.com> References: <1496005522-134934-1-git-send-email-pablo.de.lara.guarch@intel.com> Subject: [dpdk-dev] [PATCH v2 00/27] Crypto operation restructuring X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 26 Jun 2017 18:22:45 -0000 This patchset attempts to correct and improve the current crypto operation (rte_crypto_op) and symmetric crypto operation (rte_crypto_sym_op) structures, shrinking their sizes to fit both structures into two 64-byte cache lines (with extra space for the IV and other user data) as one of the goals. It also introduces new AEAD algorithm specific parameters, to simplify its setup with a single transform, instead of a concatenation of a cipher and an authentication transform. The following changes are made: In rte_crypto_op: - Moved session type (with session/sessionless) from symmetric op to crypto op, as this could be used for other types - Combined operation type, operation status and session type into a 64-bit flag (each one taking 1 byte), instead of having enums taking 4 bytes each - Removed opaque data from crypto operation, as private data can be allocated just after the symmetric (or other type) crypto operation - Modified symmetric operation pointer to zero-array, as the symmetric op should be always after the crypto operation - Removed unnecessary cache alignment In rte_crypto_sym_xform: - Added IV length and offset in sym_xform, so these will be fixed for all the operations in a session - Added a new AEAD transform - Added IV for authentication and AEAD transforms - Removed AAD length from authentication transform, as it is only used for AEAD algorithms In rte_crypto_sym_op: - Removed IV parameters, which will be only in the session. - Added AEAD specific parameters. - Create union with the new AEAD parameters and the cipher/authentication parameters, as the three cannot be used at the same time - Removed digest length from sym crypto op, so this length will be fixed for all the operations in a session - Removed AAD length from sym crypto op, so this length will be fixed for all operations in a session - Removed AAD from authentication structure, as it is only used for AEAD algorithms - Added zero-array at the end of sym crypto op to be used to get extra allocated memory (IV + other user data) In terms of algorithm usage: - AEAD algorithms (like AES-GCM) are set up only using the AEAD structure - AES GMAC will be an authentication only algorithm, using the source buffer directly, instead of AAD field - Wireless algorithms (like SNOW3G) do not use AAD field for authentication IV anymore, as this is available now. Finally, a comparison between the previous operation and the new operation: Previous rte_crypto_op (40 bytes) and rte_crypto_sym_op (114 bytes) structures: struct rte_crypto_op { enum rte_crypto_op_type type; enum rte_crypto_op_status status; struct rte_mempool *mempool; phys_addr_t phys_addr; void *opaque_data; union { struct rte_crypto_sym_op *sym; }; } __rte_cache_aligned; struct rte_crypto_sym_op { struct rte_mbuf *m_src; struct rte_mbuf *m_dst; enum rte_crypto_sym_op_sess_type sess_type; RTE_STD_C11 union { struct rte_cryptodev_sym_session *session; struct rte_crypto_sym_xform *xform; }; struct { struct { uint32_t offset; uint32_t length; } data; struct { uint8_t *data; phys_addr_t phys_addr; uint16_t length; } iv; } cipher; struct { struct { uint32_t offset; uint32_t length; } data; struct { uint8_t *data; phys_addr_t phys_addr; uint16_t length; } digest; /**< Digest parameters */ struct { uint8_t *data; phys_addr_t phys_addr; uint16_t length; } aad; } auth; } __rte_cache_aligned; New rte_crypto_op (24 bytes) and rte_crypto_sym_op (72 bytes) structures: struct rte_crypto_op { uint64_t type: 8; uint64_t status: 8; uint64_t sess_type: 8; struct rte_mempool *mempool; phys_addr_t phys_addr; RTE_STD_C11 union { struct rte_crypto_sym_op sym[0]; }; } __rte_cache_aligned; struct rte_crypto_sym_op { struct rte_mbuf *m_src; struct rte_mbuf *m_dst; union { struct rte_cryptodev_sym_session *session; /**< Handle for the initialised session context */ struct rte_crypto_sym_xform *xform; /**< Session-less API Crypto operation parameters */ }; union { struct { struct { uint32_t offset; uint32_t length; } data; /**< Data offsets and length for AEAD */ struct { uint8_t *data; phys_addr_t phys_addr; } digest; /**< Digest parameters */ struct { uint8_t *data; phys_addr_t phys_addr; } aad; /**< Additional authentication parameters */ } aead; struct { struct { struct { uint32_t offset; uint32_t length; } data; /**< Data offsets and length for ciphering */ } cipher; struct { struct { uint32_t offset; uint32_t length; } data; /**< Data offsets and length for authentication */ struct { uint8_t *data; phys_addr_t phys_addr; } digest; /**< Digest parameters */ } auth; }; }; }; Changes in v2: - Added AEAD structures - Added authentication IV (used for AES-GMAC and wireless algorithms) - Modified all applications with the changes - Modified all drivers with the changes - Moved AAD length to the crypto session - Rebased against latest dpdk-next-crypto - Added documentation changes Pablo de Lara (27): cryptodev: move session type to generic crypto op cryptodev: replace enums with 1-byte variables cryptodev: remove opaque data pointer in crypto op cryptodev: do not store pointer to op specific params cryptodev: remove useless alignment cryptodev: add crypto op helper macros crypto/qat: fix KASUMI authentication test/crypto: move IV to crypto op private data test/crypto-perf: move IV to crypto op private data app/crypto-perf: move IV to crypto op private data examples/l2fwd-crypto: move IV to crypto op private data examples/ipsec-secgw: move IV to crypto op private data cryptodev: pass IV as offset cryptodev: move IV parameters to crypto session cryptodev: add auth IV cryptodev: do not use AAD in wireless algorithms cryptodev: remove AAD length from crypto op cryptodev: remove digest length from crypto op cryptodev: set AES-GMAC as auth-only algo cryptodev: add AEAD specific data cryptodev: add AEAD parameters in crypto operation examples/l2fwd-crypto: avoid too many tabs app/test-crypto-perf: add AEAD parameters examples/ipsec-secgw: add AEAD parameters examples/l2fwd-crypto: add AEAD parameters cryptodev: use AES-GCM/CCM as AEAD algorithms cryptodev: remove AAD from authentication structure app/test-crypto-perf/cperf_ops.c | 215 ++-- app/test-crypto-perf/cperf_ops.h | 6 +- app/test-crypto-perf/cperf_options.h | 24 +- app/test-crypto-perf/cperf_options_parsing.c | 148 ++- app/test-crypto-perf/cperf_test_latency.c | 59 +- app/test-crypto-perf/cperf_test_throughput.c | 24 +- app/test-crypto-perf/cperf_test_vector_parsing.c | 67 +- app/test-crypto-perf/cperf_test_vectors.c | 140 ++- app/test-crypto-perf/cperf_test_vectors.h | 20 +- app/test-crypto-perf/cperf_test_verify.c | 25 +- app/test-crypto-perf/data/aes_cbc_128_sha.data | 2 +- app/test-crypto-perf/data/aes_cbc_192_sha.data | 2 +- app/test-crypto-perf/data/aes_cbc_256_sha.data | 2 +- app/test-crypto-perf/main.c | 61 +- doc/guides/prog_guide/cryptodev_lib.rst | 107 +- doc/guides/prog_guide/img/crypto_xform_chain.svg | 8 +- doc/guides/rel_notes/release_17_08.rst | 36 + doc/guides/sample_app_ug/ipsec_secgw.rst | 43 +- doc/guides/sample_app_ug/l2_forward_crypto.rst | 41 +- doc/guides/tools/cryptoperf.rst | 50 +- drivers/crypto/aesni_gcm/aesni_gcm_pmd.c | 260 +++-- drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c | 32 +- drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h | 13 +- drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 16 +- drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 21 +- drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h | 5 + drivers/crypto/armv8/rte_armv8_pmd.c | 26 +- drivers/crypto/armv8/rte_armv8_pmd_ops.c | 6 +- drivers/crypto/armv8/rte_armv8_pmd_private.h | 9 +- drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 87 +- drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h | 25 +- drivers/crypto/kasumi/rte_kasumi_pmd.c | 88 +- drivers/crypto/kasumi/rte_kasumi_pmd_ops.c | 5 +- drivers/crypto/kasumi/rte_kasumi_pmd_private.h | 2 + drivers/crypto/null/null_crypto_pmd.c | 15 +- drivers/crypto/null/null_crypto_pmd_ops.c | 9 +- drivers/crypto/openssl/rte_openssl_pmd.c | 209 +++- drivers/crypto/openssl/rte_openssl_pmd_ops.c | 103 +- drivers/crypto/openssl/rte_openssl_pmd_private.h | 14 + drivers/crypto/qat/qat_adf/qat_algs.h | 9 + drivers/crypto/qat/qat_adf/qat_algs_build_desc.c | 7 +- drivers/crypto/qat/qat_crypto.c | 372 +++++-- drivers/crypto/qat/qat_crypto.h | 4 + drivers/crypto/qat/qat_crypto_capabilities.h | 82 +- drivers/crypto/snow3g/rte_snow3g_pmd.c | 79 +- drivers/crypto/snow3g/rte_snow3g_pmd_ops.c | 5 +- drivers/crypto/snow3g/rte_snow3g_pmd_private.h | 2 + drivers/crypto/zuc/rte_zuc_pmd.c | 63 +- drivers/crypto/zuc/rte_zuc_pmd_ops.c | 7 +- drivers/crypto/zuc/rte_zuc_pmd_private.h | 2 + examples/ipsec-secgw/esp.c | 243 ++-- examples/ipsec-secgw/ipsec.c | 1 - examples/ipsec-secgw/ipsec.h | 6 +- examples/ipsec-secgw/sa.c | 285 +++-- examples/l2fwd-crypto/main.c | 721 +++++++++--- lib/librte_cryptodev/rte_crypto.h | 37 +- lib/librte_cryptodev/rte_crypto_sym.h | 618 +++++----- lib/librte_cryptodev/rte_cryptodev.c | 71 +- lib/librte_cryptodev/rte_cryptodev.h | 90 +- lib/librte_cryptodev/rte_cryptodev_version.map | 10 + test/test/test_cryptodev.c | 1176 ++++++++------------ test/test/test_cryptodev.h | 6 + test/test/test_cryptodev_blockcipher.c | 35 +- test/test/test_cryptodev_gcm_test_vectors.h | 29 +- .../test/test_cryptodev_kasumi_hash_test_vectors.h | 16 +- test/test/test_cryptodev_kasumi_test_vectors.h | 20 +- test/test/test_cryptodev_perf.c | 673 +++++------ .../test/test_cryptodev_snow3g_hash_test_vectors.h | 14 +- test/test/test_cryptodev_snow3g_test_vectors.h | 24 +- test/test/test_cryptodev_zuc_test_vectors.h | 38 +- 70 files changed, 4042 insertions(+), 2728 deletions(-) -- 2.9.4