From: "Ananyev, Konstantin" <konstantin.ananyev@intel.com>
To: "Zhang, Roy Fan" <roy.fan.zhang@intel.com>,
"dev@dpdk.org" <dev@dpdk.org>
Cc: "Doherty, Declan" <declan.doherty@intel.com>,
"akhil.goyal@nxp.com" <akhil.goyal@nxp.com>
Subject: Re: [dpdk-dev] [PATCH 02/10] crypto/aesni_gcm: add rte_security handler
Date: Wed, 18 Sep 2019 10:24:40 +0000 [thread overview]
Message-ID: <2601191342CEEE43887BDE71AB9772580191966D30@irsmsx105.ger.corp.intel.com> (raw)
In-Reply-To: <20190906131330.40185-3-roy.fan.zhang@intel.com>
Hi Fan,
>
> This patch add rte_security support support to AESNI-GCM PMD. The PMD now
> initialize security context instance, create/delete PMD specific security
> sessions, and process crypto workloads in synchronous mode with
> scatter-gather list buffer supported.Hi
>
> Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
> ---
> drivers/crypto/aesni_gcm/aesni_gcm_pmd.c | 91 ++++++++++++++++++++++-
> drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c | 95 ++++++++++++++++++++++++
> drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h | 23 ++++++
> 3 files changed, 208 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
> index 1006a5c4d..0a346eddd 100644
> --- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
> +++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c
> @@ -6,6 +6,7 @@
> #include <rte_hexdump.h>
> #include <rte_cryptodev.h>
> #include <rte_cryptodev_pmd.h>
> +#include <rte_security_driver.h>
> #include <rte_bus_vdev.h>
> #include <rte_malloc.h>
> #include <rte_cpuflags.h>
> @@ -174,6 +175,56 @@ aesni_gcm_get_session(struct aesni_gcm_qp *qp, struct rte_crypto_op *op)
> return sess;
> }
>
> +static __rte_always_inline int
> +process_gcm_security_sgl_buf(struct aesni_gcm_security_session *sess,
> + struct rte_security_vec *buf, uint8_t *iv,
> + uint8_t *aad, uint8_t *digest)
> +{
> + struct aesni_gcm_session *session = &sess->sess;
> + uint8_t *tag;
> + uint32_t i;
> +
> + sess->init(&session->gdata_key, &sess->gdata_ctx, iv, aad,
> + (uint64_t)session->aad_length);
> +
> + for (i = 0; i < buf->num; i++) {
> + struct iovec *vec = &buf->vec[i];
> +
> + sess->update(&session->gdata_key, &sess->gdata_ctx,
> + vec->iov_base, vec->iov_base, vec->iov_len);
> + }
> +
> + switch (session->op) {
> + case AESNI_GCM_OP_AUTHENTICATED_ENCRYPTION:
> + if (session->req_digest_length != session->gen_digest_length)
> + tag = sess->temp_digest;
> + else
> + tag = digest;
> +
> + sess->finalize(&session->gdata_key, &sess->gdata_ctx, tag,
> + session->gen_digest_length);
> +
> + if (session->req_digest_length != session->gen_digest_length)
> + memcpy(digest, sess->temp_digest,
> + session->req_digest_length);
> + break;
Wonder can we move all these cases and ifs into session_create() time -
so instead of one process() function with a lot of branches,
we'll have several process functions with minimal/none branches.
I think it should help us to save extra cycles.
> +
> + case AESNI_GCM_OP_AUTHENTICATED_DECRYPTION:
> + tag = sess->temp_digest;
> +
> + sess->finalize(&session->gdata_key, &sess->gdata_ctx, tag,
> + session->gen_digest_length);
> +
> + if (memcmp(tag, digest, session->req_digest_length) != 0)
> + return -1;
> + break;
> + default:
> + return -1;
> + }
> +
> + return 0;
> +}
> +
> /**
> * Process a crypto operation, calling
> * the GCM API from the multi buffer library.
> @@ -488,8 +539,10 @@ aesni_gcm_create(const char *name,
> {
> struct rte_cryptodev *dev;
> struct aesni_gcm_private *internals;
> + struct rte_security_ctx *sec_ctx;
> enum aesni_gcm_vector_mode vector_mode;
> MB_MGR *mb_mgr;
> + char sec_name[RTE_DEV_NAME_MAX_LEN];
>
> /* Check CPU for support for AES instruction set */
> if (!rte_cpu_get_flag_enabled(RTE_CPUFLAG_AES)) {
> @@ -524,7 +577,8 @@ aesni_gcm_create(const char *name,
> RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING |
> RTE_CRYPTODEV_FF_CPU_AESNI |
> RTE_CRYPTODEV_FF_OOP_SGL_IN_LB_OUT |
> - RTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT;
> + RTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT |
> + RTE_CRYPTODEV_FF_SECURITY;
>
> mb_mgr = alloc_mb_mgr(0);
> if (mb_mgr == NULL)
> @@ -587,6 +641,21 @@ aesni_gcm_create(const char *name,
>
> internals->max_nb_queue_pairs = init_params->max_nb_queue_pairs;
>
> + /* setup security operations */
> + snprintf(sec_name, sizeof(sec_name) - 1, "aes_gcm_sec_%u",
> + dev->driver_id);
> + sec_ctx = rte_zmalloc_socket(sec_name,
> + sizeof(struct rte_security_ctx),
> + RTE_CACHE_LINE_SIZE, init_params->socket_id);
> + if (sec_ctx == NULL) {
> + AESNI_GCM_LOG(ERR, "memory allocation failed\n");
> + goto error_exit;
> + }
> +
> + sec_ctx->device = (void *)dev;
> + sec_ctx->ops = rte_aesni_gcm_pmd_security_ops;
> + dev->security_ctx = sec_ctx;
> +
> #if IMB_VERSION_NUM >= IMB_VERSION(0, 50, 0)
> AESNI_GCM_LOG(INFO, "IPSec Multi-buffer library version used: %s\n",
> imb_get_version_str());
> @@ -641,6 +710,8 @@ aesni_gcm_remove(struct rte_vdev_device *vdev)
> if (cryptodev == NULL)
> return -ENODEV;
>
> + rte_free(cryptodev->security_ctx);
> +
> internals = cryptodev->data->dev_private;
>
> free_mb_mgr(internals->mb_mgr);
> @@ -648,6 +719,24 @@ aesni_gcm_remove(struct rte_vdev_device *vdev)
> return rte_cryptodev_pmd_destroy(cryptodev);
> }
>
> +void
> +aesni_gcm_sec_crypto_process_bulk(struct rte_security_session *sess,
> + struct rte_security_vec buf[], void *iv[], void *aad[],
> + void *digest[], int status[], uint32_t num)
> +{
> + struct aesni_gcm_security_session *session =
> + get_sec_session_private_data(sess);
> + uint32_t i;
> +
> + if (unlikely(!session))
> + return;
I think you can't just return here, you need to
set all status[] entries to some -errno value.
> +
> + for (i = 0; i < num; i++)
> + status[i] = process_gcm_security_sgl_buf(session, &buf[i],
> + (uint8_t *)iv[i], (uint8_t *)aad[i],
> + (uint8_t *)digest[i]);
> +}
> +
> static struct rte_vdev_driver aesni_gcm_pmd_drv = {
> .probe = aesni_gcm_probe,
> .remove = aesni_gcm_remove
> diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c
> index 2f66c7c58..cc71dbd60 100644
> --- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c
> +++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c
> @@ -7,6 +7,7 @@
> #include <rte_common.h>
> #include <rte_malloc.h>
> #include <rte_cryptodev_pmd.h>
> +#include <rte_security_driver.h>
>
> #include "aesni_gcm_pmd_private.h"
>
> @@ -316,6 +317,85 @@ aesni_gcm_pmd_sym_session_clear(struct rte_cryptodev *dev,
> }
> }
>
> +static int
> +aesni_gcm_security_session_create(void *dev,
> + struct rte_security_session_conf *conf,
> + struct rte_security_session *sess,
> + struct rte_mempool *mempool)
> +{
> + struct rte_cryptodev *cdev = dev;
> + struct aesni_gcm_private *internals = cdev->data->dev_private;
> + struct aesni_gcm_security_session *sess_priv;
> + int ret;
> +
> + if (!conf->crypto_xform) {
> + AESNI_GCM_LOG(ERR, "Invalid security session conf");
> + return -EINVAL;
> + }
> +
> + if (conf->crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
> + AESNI_GCM_LOG(ERR, "GMAC is not supported in security session");
> + return -EINVAL;
> + }
> +
> +
> + if (rte_mempool_get(mempool, (void **)(&sess_priv))) {
> + AESNI_GCM_LOG(ERR,
> + "Couldn't get object from session mempool");
> + return -ENOMEM;
> + }
> +
> + ret = aesni_gcm_set_session_parameters(internals->ops,
> + &sess_priv->sess, conf->crypto_xform);
> + if (ret != 0) {
> + AESNI_GCM_LOG(ERR, "Failed configure session parameters");
> +
> + /* Return session to mempool */
> + rte_mempool_put(mempool, (void *)sess_priv);
> + return ret;
> + }
> +
> + sess_priv->pre = internals->ops[sess_priv->sess.key].pre;
> + sess_priv->init = internals->ops[sess_priv->sess.key].init;
> + if (sess_priv->sess.op == AESNI_GCM_OP_AUTHENTICATED_ENCRYPTION) {
> + sess_priv->update =
> + internals->ops[sess_priv->sess.key].update_enc;
> + sess_priv->finalize =
> + internals->ops[sess_priv->sess.key].finalize_enc;
> + } else {
> + sess_priv->update =
> + internals->ops[sess_priv->sess.key].update_dec;
> + sess_priv->finalize =
> + internals->ops[sess_priv->sess.key].finalize_dec;
> + }
> +
> + sess->sess_private_data = sess_priv;
> +
> + return 0;
> +}
> +
> +static int
> +aesni_gcm_security_session_destroy(void *dev __rte_unused,
> + struct rte_security_session *sess)
> +{
> + void *sess_priv = get_sec_session_private_data(sess);
> +
> + if (sess_priv) {
> + struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
> +
> + memset(sess, 0, sizeof(struct aesni_gcm_security_session));
> + set_sec_session_private_data(sess, NULL);
> + rte_mempool_put(sess_mp, sess_priv);
> + }
> + return 0;
> +}
> +
> +static unsigned int
> +aesni_gcm_sec_session_get_size(__rte_unused void *device)
> +{
> + return sizeof(struct aesni_gcm_security_session);
> +}
> +
> struct rte_cryptodev_ops aesni_gcm_pmd_ops = {
> .dev_configure = aesni_gcm_pmd_config,
> .dev_start = aesni_gcm_pmd_start,
> @@ -336,4 +416,19 @@ struct rte_cryptodev_ops aesni_gcm_pmd_ops = {
> .sym_session_clear = aesni_gcm_pmd_sym_session_clear
> };
>
> +static struct rte_security_ops aesni_gcm_security_ops = {
> + .session_create = aesni_gcm_security_session_create,
> + .session_get_size = aesni_gcm_sec_session_get_size,
> + .session_update = NULL,
> + .session_stats_get = NULL,
> + .session_destroy = aesni_gcm_security_session_destroy,
> + .set_pkt_metadata = NULL,
> + .capabilities_get = NULL,
> + .process_cpu_crypto_bulk =
> + aesni_gcm_sec_crypto_process_bulk,
> +};
> +
> struct rte_cryptodev_ops *rte_aesni_gcm_pmd_ops = &aesni_gcm_pmd_ops;
> +
> +struct rte_security_ops *rte_aesni_gcm_pmd_security_ops =
> + &aesni_gcm_security_ops;
> diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h
> index 56b29e013..8e490b6ce 100644
> --- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h
> +++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h
> @@ -114,5 +114,28 @@ aesni_gcm_set_session_parameters(const struct aesni_gcm_ops *ops,
> * Device specific operations function pointer structure */
> extern struct rte_cryptodev_ops *rte_aesni_gcm_pmd_ops;
>
> +/**
> + * Security session structure.
> + */
> +struct aesni_gcm_security_session {
> + /** Temp digest for decryption */
> + uint8_t temp_digest[DIGEST_LENGTH_MAX];
> + /** GCM operations */
> + aesni_gcm_pre_t pre;
> + aesni_gcm_init_t init;
> + aesni_gcm_update_t update;
> + aesni_gcm_finalize_t finalize;
> + /** AESNI-GCM session */
> + struct aesni_gcm_session sess;
> + /** AESNI-GCM context */
> + struct gcm_context_data gdata_ctx;
> +};
> +
> +extern void
> +aesni_gcm_sec_crypto_process_bulk(struct rte_security_session *sess,
> + struct rte_security_vec buf[], void *iv[], void *aad[],
> + void *digest[], int status[], uint32_t num);
> +
> +extern struct rte_security_ops *rte_aesni_gcm_pmd_security_ops;
>
> #endif /* _RTE_AESNI_GCM_PMD_PRIVATE_H_ */
> --
> 2.14.5
next prev parent reply other threads:[~2019-09-18 10:24 UTC|newest]
Thread overview: 87+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-09-03 15:40 [dpdk-dev] [RFC PATCH 0/9] security: add software synchronous crypto process Fan Zhang
2019-09-03 15:40 ` [dpdk-dev] [RFC PATCH 1/9] security: introduce CPU Crypto action type and API Fan Zhang
2019-09-04 10:32 ` Akhil Goyal
2019-09-04 13:06 ` Zhang, Roy Fan
2019-09-06 9:01 ` Akhil Goyal
2019-09-06 13:12 ` Zhang, Roy Fan
2019-09-10 11:25 ` Akhil Goyal
2019-09-11 13:01 ` Ananyev, Konstantin
2019-09-06 13:27 ` Ananyev, Konstantin
2019-09-10 10:44 ` Akhil Goyal
2019-09-11 12:29 ` Ananyev, Konstantin
2019-09-12 14:12 ` Akhil Goyal
2019-09-16 14:53 ` Ananyev, Konstantin
2019-09-16 15:08 ` Ananyev, Konstantin
2019-09-17 6:02 ` Akhil Goyal
2019-09-18 7:44 ` Ananyev, Konstantin
2019-09-25 18:24 ` Ananyev, Konstantin
2019-09-27 9:26 ` Akhil Goyal
2019-09-30 12:22 ` Ananyev, Konstantin
2019-09-30 13:43 ` Akhil Goyal
2019-10-01 14:49 ` Ananyev, Konstantin
2019-10-03 13:24 ` Akhil Goyal
2019-10-07 12:53 ` Ananyev, Konstantin
2019-10-09 7:20 ` Akhil Goyal
2019-10-09 13:43 ` Ananyev, Konstantin
2019-10-11 13:23 ` Akhil Goyal
2019-10-13 23:07 ` Zhang, Roy Fan
2019-10-14 11:10 ` Ananyev, Konstantin
2019-10-15 15:02 ` Akhil Goyal
2019-10-16 13:04 ` Ananyev, Konstantin
2019-10-15 15:00 ` Akhil Goyal
2019-10-16 22:07 ` Ananyev, Konstantin
2019-10-17 12:49 ` Ananyev, Konstantin
2019-10-18 13:17 ` Akhil Goyal
2019-10-21 13:47 ` Ananyev, Konstantin
2019-10-22 13:31 ` Akhil Goyal
2019-10-22 17:44 ` Ananyev, Konstantin
2019-10-22 22:21 ` Ananyev, Konstantin
2019-10-23 10:05 ` Akhil Goyal
2019-10-30 14:23 ` Ananyev, Konstantin
2019-11-01 13:53 ` Akhil Goyal
2019-09-03 15:40 ` [dpdk-dev] [RFC PATCH 2/9] crypto/aesni_gcm: add rte_security handler Fan Zhang
2019-09-03 15:40 ` [dpdk-dev] [RFC PATCH 3/9] app/test: add security cpu crypto autotest Fan Zhang
2019-09-03 15:40 ` [dpdk-dev] [RFC PATCH 4/9] app/test: add security cpu crypto perftest Fan Zhang
2019-09-03 15:40 ` [dpdk-dev] [RFC PATCH 5/9] crypto/aesni_mb: add rte_security handler Fan Zhang
2019-09-03 15:40 ` [dpdk-dev] [RFC PATCH 6/9] app/test: add aesni_mb security cpu crypto autotest Fan Zhang
2019-09-03 15:40 ` [dpdk-dev] [RFC PATCH 7/9] app/test: add aesni_mb security cpu crypto perftest Fan Zhang
2019-09-03 15:40 ` [dpdk-dev] [RFC PATCH 8/9] ipsec: add rte_security cpu_crypto action support Fan Zhang
2019-09-03 15:40 ` [dpdk-dev] [RFC PATCH 9/9] examples/ipsec-secgw: add security " Fan Zhang
2019-09-06 13:13 ` [dpdk-dev] [PATCH 00/10] security: add software synchronous crypto process Fan Zhang
2019-09-06 13:13 ` [dpdk-dev] [PATCH 01/10] security: introduce CPU Crypto action type and API Fan Zhang
2019-09-18 12:45 ` Ananyev, Konstantin
2019-09-29 6:00 ` Hemant Agrawal
2019-09-29 16:59 ` Ananyev, Konstantin
2019-09-30 9:43 ` Hemant Agrawal
2019-10-01 15:27 ` Ananyev, Konstantin
2019-10-02 2:47 ` Hemant Agrawal
2019-09-06 13:13 ` [dpdk-dev] [PATCH 02/10] crypto/aesni_gcm: add rte_security handler Fan Zhang
2019-09-18 10:24 ` Ananyev, Konstantin [this message]
2019-09-06 13:13 ` [dpdk-dev] [PATCH 03/10] app/test: add security cpu crypto autotest Fan Zhang
2019-09-06 13:13 ` [dpdk-dev] [PATCH 04/10] app/test: add security cpu crypto perftest Fan Zhang
2019-09-06 13:13 ` [dpdk-dev] [PATCH 05/10] crypto/aesni_mb: add rte_security handler Fan Zhang
2019-09-18 15:20 ` Ananyev, Konstantin
2019-09-06 13:13 ` [dpdk-dev] [PATCH 06/10] app/test: add aesni_mb security cpu crypto autotest Fan Zhang
2019-09-06 13:13 ` [dpdk-dev] [PATCH 07/10] app/test: add aesni_mb security cpu crypto perftest Fan Zhang
2019-09-06 13:13 ` [dpdk-dev] [PATCH 08/10] ipsec: add rte_security cpu_crypto action support Fan Zhang
2019-09-26 23:20 ` Ananyev, Konstantin
2019-09-27 10:38 ` Ananyev, Konstantin
2019-09-06 13:13 ` [dpdk-dev] [PATCH 09/10] examples/ipsec-secgw: add security " Fan Zhang
2019-09-06 13:13 ` [dpdk-dev] [PATCH 10/10] doc: update security cpu process description Fan Zhang
2019-09-09 12:43 ` [dpdk-dev] [PATCH 00/10] security: add software synchronous crypto process Aaron Conole
2019-10-07 16:28 ` [dpdk-dev] [PATCH v2 " Fan Zhang
2019-10-07 16:28 ` [dpdk-dev] [PATCH v2 01/10] security: introduce CPU Crypto action type and API Fan Zhang
2019-10-08 13:42 ` Ananyev, Konstantin
2019-10-07 16:28 ` [dpdk-dev] [PATCH v2 02/10] crypto/aesni_gcm: add rte_security handler Fan Zhang
2019-10-08 13:44 ` Ananyev, Konstantin
2019-10-07 16:28 ` [dpdk-dev] [PATCH v2 03/10] app/test: add security cpu crypto autotest Fan Zhang
2019-10-07 16:28 ` [dpdk-dev] [PATCH v2 04/10] app/test: add security cpu crypto perftest Fan Zhang
2019-10-07 16:28 ` [dpdk-dev] [PATCH v2 05/10] crypto/aesni_mb: add rte_security handler Fan Zhang
2019-10-08 16:23 ` Ananyev, Konstantin
2019-10-09 8:29 ` Ananyev, Konstantin
2019-10-07 16:28 ` [dpdk-dev] [PATCH v2 06/10] app/test: add aesni_mb security cpu crypto autotest Fan Zhang
2019-10-07 16:28 ` [dpdk-dev] [PATCH v2 07/10] app/test: add aesni_mb security cpu crypto perftest Fan Zhang
2019-10-07 16:28 ` [dpdk-dev] [PATCH v2 08/10] ipsec: add rte_security cpu_crypto action support Fan Zhang
2019-10-08 23:28 ` Ananyev, Konstantin
2019-10-07 16:28 ` [dpdk-dev] [PATCH v2 09/10] examples/ipsec-secgw: add security " Fan Zhang
2019-10-07 16:28 ` [dpdk-dev] [PATCH v2 10/10] doc: update security cpu process description Fan Zhang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2601191342CEEE43887BDE71AB9772580191966D30@irsmsx105.ger.corp.intel.com \
--to=konstantin.ananyev@intel.com \
--cc=akhil.goyal@nxp.com \
--cc=declan.doherty@intel.com \
--cc=dev@dpdk.org \
--cc=roy.fan.zhang@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).