From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by dpdk.org (Postfix) with ESMTP id 4E46E7CDF for ; Tue, 5 Sep 2017 12:20:04 +0200 (CEST) Received: from orsmga004.jf.intel.com ([10.7.209.38]) by orsmga102.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 05 Sep 2017 03:20:04 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.41,479,1498546800"; d="scan'208";a="125667133" Received: from silpixa00399464.ir.intel.com (HELO silpixa00399464.ger.corp.intel.com) ([10.237.222.157]) by orsmga004.jf.intel.com with ESMTP; 05 Sep 2017 03:20:02 -0700 From: Pablo de Lara To: declan.doherty@intel.com, roy.fan.zhang@intel.com, jerin.jacob@caviumnetworks.com Cc: dev@dpdk.org, Pablo de Lara Date: Tue, 5 Sep 2017 03:20:06 +0100 Message-Id: <20170905022007.55749-8-pablo.de.lara.guarch@intel.com> X-Mailer: git-send-email 2.9.4 In-Reply-To: <20170905022007.55749-1-pablo.de.lara.guarch@intel.com> References: <20170818072103.1416-1-pablo.de.lara.guarch@intel.com> <20170905022007.55749-1-pablo.de.lara.guarch@intel.com> Subject: [dpdk-dev] [PATCH v2 7/8] crypto/aesni_mb: do not append digest X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 05 Sep 2017 10:20:05 -0000 When performing an authentication verification, the PMD was using memory at the end of the input buffer, to store temporarily the digest. This operation requires the buffer to have enough tailroom unnecessarily. Instead, memory is allocated for each queue pair, to store temporarily the digest generated by the driver, so it can be compared with the one provided in the crypto operation, without needing to touch the input buffer. Signed-off-by: Pablo de Lara --- drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 36 +++++++--------------- drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 5 +++ drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h | 12 +++++++- 3 files changed, 27 insertions(+), 26 deletions(-) diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c index 16e1451..529f469 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c @@ -407,7 +407,7 @@ get_session(struct aesni_mb_qp *qp, struct rte_crypto_op *op) */ static inline int set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, - struct rte_crypto_op *op) + struct rte_crypto_op *op, uint8_t *digest_idx) { struct rte_mbuf *m_src = op->sym->m_src, *m_dst; struct aesni_mb_session *session; @@ -466,19 +466,8 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, /* Set digest output location */ if (job->hash_alg != NULL_HASH && session->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) { - job->auth_tag_output = (uint8_t *)rte_pktmbuf_append(m_dst, - get_digest_byte_length(job->hash_alg)); - - if (job->auth_tag_output == NULL) { - MB_LOG_ERR("failed to allocate space in output mbuf " - "for temp digest"); - op->status = RTE_CRYPTO_OP_STATUS_ERROR; - return -1; - } - - memset(job->auth_tag_output, 0, - sizeof(get_digest_byte_length(job->hash_alg))); - + job->auth_tag_output = qp->temp_digests[*digest_idx]; + *digest_idx = (*digest_idx + 1) % MAX_JOBS; } else { job->auth_tag_output = op->sym->auth.digest.data; } @@ -507,22 +496,17 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp, /* Set user data to be crypto operation data struct */ job->user_data = op; - job->user_data2 = m_dst; return 0; } static inline void -verify_digest(JOB_AES_HMAC *job, struct rte_crypto_op *op) { - struct rte_mbuf *m_dst = (struct rte_mbuf *)job->user_data2; - +verify_digest(struct aesni_mb_qp *qp __rte_unused, JOB_AES_HMAC *job, + struct rte_crypto_op *op) { /* Verify digest if required */ if (memcmp(job->auth_tag_output, op->sym->auth.digest.data, job->auth_tag_output_len_in_bytes) != 0) op->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; - - /* trim area used for digest from mbuf */ - rte_pktmbuf_trim(m_dst, get_digest_byte_length(job->hash_alg)); } /** @@ -532,8 +516,7 @@ verify_digest(JOB_AES_HMAC *job, struct rte_crypto_op *op) { * @param job JOB_AES_HMAC job to process * * @return - * - Returns processed crypto operation which mbuf is trimmed of output digest - * used in verification of supplied digest. + * - Returns processed crypto operation. * - Returns NULL on invalid job */ static inline struct rte_crypto_op * @@ -552,7 +535,7 @@ post_process_mb_job(struct aesni_mb_qp *qp, JOB_AES_HMAC *job) if (job->hash_alg != NULL_HASH) { if (sess->auth.operation == RTE_CRYPTO_AUTH_OP_VERIFY) - verify_digest(job, op); + verify_digest(qp, job, op); } break; default: @@ -650,6 +633,7 @@ aesni_mb_pmd_dequeue_burst(void *queue_pair, struct rte_crypto_op **ops, if (unlikely(nb_ops == 0)) return 0; + uint8_t digest_idx = qp->digest_idx; do { /* Get next operation to process from ingress queue */ retval = rte_ring_dequeue(qp->ingress_queue, (void **)&op); @@ -667,7 +651,7 @@ aesni_mb_pmd_dequeue_burst(void *queue_pair, struct rte_crypto_op **ops, job = (*qp->op_fns->job.get_next)(&qp->mb_mgr); } - retval = set_mb_job_params(job, qp, op); + retval = set_mb_job_params(job, qp, op, &digest_idx); if (unlikely(retval != 0)) { qp->stats.dequeue_err_count++; set_job_null_op(job); @@ -687,6 +671,8 @@ aesni_mb_pmd_dequeue_burst(void *queue_pair, struct rte_crypto_op **ops, } while (processed_jobs < nb_ops); + qp->digest_idx = digest_idx; + if (processed_jobs < 1) processed_jobs += flush_mb_mgr(qp, &ops[processed_jobs], diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c index 692b354..4be9b80 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c @@ -430,6 +430,11 @@ aesni_mb_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id, memset(&qp->stats, 0, sizeof(qp->stats)); + char mp_name[RTE_MEMPOOL_NAMESIZE]; + + snprintf(mp_name, RTE_MEMPOOL_NAMESIZE, + "digest_mp_%u_%u", dev->data->dev_id, qp_id); + /* Initialise multi-buffer manager */ (*qp->op_fns->job.init_mgr)(&qp->mb_mgr); return 0; diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h index 6676948..fe3bd73 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h @@ -61,6 +61,8 @@ #define HMAC_IPAD_VALUE (0x36) #define HMAC_OPAD_VALUE (0x5C) +/* Maximum length for digest (SHA-512 truncated needs 32 bytes) */ +#define DIGEST_LENGTH_MAX 32 static const unsigned auth_blocksize[] = { [MD5] = 64, [SHA1] = 64, @@ -164,9 +166,17 @@ struct aesni_mb_qp { /**< Session Mempool */ struct rte_cryptodev_stats stats; /**< Queue pair statistics */ + uint8_t digest_idx; + /**< Index of the next slot to be used in temp_digests, + * to store the digest for a given operation + */ + uint8_t temp_digests[MAX_JOBS][DIGEST_LENGTH_MAX]; + /**< Buffers used to store the digest generated + * by the driver when verifying a digest provided + * by the user (using authentication verify operation) + */ } __rte_cache_aligned; - /** AES-NI multi-buffer private session structure */ struct aesni_mb_session { JOB_CHAIN_ORDER chain_order; -- 2.9.4