From: Matan Azrad <matan@nvidia.com>
To: NBU-Contact-Thomas Monjalon <thomas@monjalon.net>,
"dev@dpdk.org" <dev@dpdk.org>
Cc: "akhil.goyal@nxp.com" <akhil.goyal@nxp.com>,
"arkadiuszx.kusztal@intel.com" <arkadiuszx.kusztal@intel.com>,
"anoobj@marvell.com" <anoobj@marvell.com>,
Ray Kinsella <mdr@ashroe.eu>, Neil Horman <nhorman@tuxdriver.com>,
Declan Doherty <declan.doherty@intel.com>
Subject: Re: [dpdk-dev] [PATCH v3] cryptodev: support multiple cipher data-units
Date: Tue, 13 Apr 2021 19:48:39 +0000 [thread overview]
Message-ID: <MW2PR12MB2492AA7BC3B248D8F63E1E32DF4F9@MW2PR12MB2492.namprd12.prod.outlook.com> (raw)
In-Reply-To: <20210413181907.3828454-1-thomas@monjalon.net>
Hi
Small comment
From: Thomas Monjalon
> From: Matan Azrad <matan@nvidia.com>
>
> In cryptography, a block cipher is a deterministic algorithm operating on fixed-
> length groups of bits, called blocks.
>
> A block cipher consists of two paired algorithms, one for encryption and the
> other for decryption. Both algorithms accept two inputs:
> an input block of size n bits and a key of size k bits; and both yield an n-bit
> output block. The decryption algorithm is defined to be the inverse function of
> the encryption.
>
> For AES standard the block size is 16 bytes.
> For AES in XTS mode, the data to be encrypted\decrypted does not have to be
> multiple of 16B size, the unit of data is called data-unit.
> The data-unit size can be any size in range [16B, 2^24B], so, in this case, a data
> stream is divided into N amount of equal data-units and must be
> encrypted\decrypted in the same data-unit resolution.
>
> For ABI compatibility reason, the size is limited to 64K (16-bit field).
> The new field dataunit_len is inserted in a struct padding hole, which is only 2
> bytes long in 32-bit build.
> It could be extended later during an ABI-breakage window.
>
> The current cryptodev API doesn't allow the user to select a specific data-unit
> length supported by the devices.
> In addition, there is no definition how the IV is detected per data-unit when
> single operation includes more than one data-unit.
>
> That causes applications to use single operation per data-unit even though all
> the data is continuous in memory what reduces datapath performance.
>
> Add a new feature flag to support multiple data-unit sizes, called
> RTE_CRYPTODEV_FF_CIPHER_MULTIPLE_DATA_UNITS.
> Add a new field in cipher capability, called dataunit_set, where the devices can
> report the range of the supported data-unit sizes.
> Add a new cipher transformation field, called dataunit_len, where the user can
> select the data-unit length for all the operations.
>
> All the new fields do not change the size of their structures, by filling some
> struct padding holes.
> They are added as exceptions in the ABI check file libabigail.abignore.
>
> Using a bitmap to report the supported data-unit sizes capability allows the
> devices to report a range simply as same as the user to read it simply. also,
> thus sizes are usually common and probably will be shared among different
> devices.
>
> Signed-off-by: Matan Azrad <matan@nvidia.com>
> Signed-off-by: Thomas Monjalon <thomas@monjalon.net>
> ---
> v1:
> - Use data-unit term instead of block.
> - Update cipher length description in OP.
> - Improve descriptions on xform and capability.
> - Improve commit log.
>
> v2:
> - Fix typo: MULITPLE->MULTIPLE.
> - Remain only planned supported sizes for data-unit capability.
>
> v3:
> - Improve some comments.
> - Fix ABI breakage.
>
> Note: the suppression rules work in libabigail for this patch, but not sure it is
> really considering the offsets defined in the file.
>
> ---
> devtools/libabigail.abignore | 12 +++++++++++-
> doc/guides/cryptodevs/features/default.ini | 1 +
> doc/guides/cryptodevs/overview.rst | 3 +++
> doc/guides/rel_notes/release_21_05.rst | 6 ++++++
> lib/librte_cryptodev/rte_crypto_sym.h | 18 ++++++++++++++++--
> lib/librte_cryptodev/rte_cryptodev.c | 2 ++
> lib/librte_cryptodev/rte_cryptodev.h | 16 ++++++++++++++++
> 7 files changed, 55 insertions(+), 3 deletions(-)
>
> diff --git a/devtools/libabigail.abignore b/devtools/libabigail.abignore index
> 6c0b38984e..bce940f2df 100644
> --- a/devtools/libabigail.abignore
> +++ b/devtools/libabigail.abignore
> @@ -19,4 +19,14 @@
> ; Ignore fields inserted in cacheline boundary of rte_cryptodev [suppress_type]
> name = rte_cryptodev
> - has_data_member_inserted_between = {offset_after(attached), end}
> \ No newline at end of file
> + has_data_member_inserted_between = {offset_after(attached),
> + end}
> +
> +; Ignore fields inserted in union boundary of
> +rte_cryptodev_symmetric_capability
> +[suppress_type]
> + name = rte_cryptodev_symmetric_capability
> + has_data_member_inserted_between =
> +{offset_after(cipher.iv_size), end}
> +
> +; Ignore fields inserted in middle padding of rte_crypto_cipher_xform
> +[suppress_type]
> + name = rte_crypto_cipher_xform
> + has_data_member_inserted_between = {offset_after(key),
> +offset_of(iv)}
> diff --git a/doc/guides/cryptodevs/features/default.ini
> b/doc/guides/cryptodevs/features/default.ini
> index 17b177fc45..978bb30cc1 100644
> --- a/doc/guides/cryptodevs/features/default.ini
> +++ b/doc/guides/cryptodevs/features/default.ini
> @@ -31,6 +31,7 @@ CPU crypto =
> Symmetric sessionless =
> Non-Byte aligned data =
> Sym raw data path API =
> +Cipher multiple data units =
>
> ;
> ; Supported crypto algorithms of a default crypto driver.
> diff --git a/doc/guides/cryptodevs/overview.rst
> b/doc/guides/cryptodevs/overview.rst
> index e2a1e08ec1..e24e3e1993 100644
> --- a/doc/guides/cryptodevs/overview.rst
> +++ b/doc/guides/cryptodevs/overview.rst
> @@ -46,6 +46,9 @@ Supported Feature Flags
> - "Digest encrypted" feature flag means PMD support hash-cipher cases,
> where generated digest is appended to and encrypted with the data.
>
> + - "CIPHER_MULTIPLE_DATA_UNITS" feature flag means PMD support
> operations
> + on multiple data-units message.
> +
>
> Supported Cipher Algorithms
> ---------------------------
> diff --git a/doc/guides/rel_notes/release_21_05.rst
> b/doc/guides/rel_notes/release_21_05.rst
> index 9a666b629d..2dc776c35e 100644
> --- a/doc/guides/rel_notes/release_21_05.rst
> +++ b/doc/guides/rel_notes/release_21_05.rst
> @@ -145,6 +145,12 @@ New Features
>
> * Added support for preferred busy polling.
>
> +* **Added support of multiple data-units in cryptodev API.**
> +
> + The cryptodev library has been enhanced to allow operations on
> + multiple data-units for AES-XTS algorithm, the data-unit length
> + should be set in the transformation. A capability for it was added too.
> +
> * **Updated Mellanox RegEx PMD.**
>
> * Added support for multi-segments mbuf.
> diff --git a/lib/librte_cryptodev/rte_crypto_sym.h
> b/lib/librte_cryptodev/rte_crypto_sym.h
> index 9d572ec057..ec45714fc3 100644
> --- a/lib/librte_cryptodev/rte_crypto_sym.h
> +++ b/lib/librte_cryptodev/rte_crypto_sym.h
> @@ -222,6 +222,19 @@ struct rte_crypto_cipher_xform {
> * - Each key can be either 128 bits (16 bytes) or 256 bits (32 bytes).
> * - Both keys must have the same size.
> **/
> +
> + uint16_t dataunit_len;
> + /**< When RTE_CRYPTODEV_FF_CIPHER_MULTIPLE_DATA_UNITS is
> enabled,
> + * this is the data-unit length of the algorithm,
> + * otherwise or when the value is 0, use the operation length.
> + * The value should be in the range defined by the dataunit_set field
> + * in the cipher capability.
> + *
> + * - For AES-XTS it is the size of data-unit, from IEEE Std 1619-2007.
> + * For-each data-unit in the operation, the tweak (IV) value is
> + * assigned consecutively starting from the operation assigned IV.
> + */
> +
> struct {
> uint16_t offset;
> /**< Starting point for Initialisation Vector or Counter, @@ -701,9
> +714,10 @@ struct rte_crypto_sym_op {
> /**< The message length, in bytes, of the
> * source buffer on which the cryptographic
> * operation will be computed.
> + * This is also the same as the result length.
> * This must be a multiple of the block size
> - * if a block cipher is being used. This is
> - * also the same as the result length.
> + * or a multiple of data-unit length
> + * as described in xform.
> *
> * @note
> * For SNOW 3G @
> RTE_CRYPTO_AUTH_SNOW3G_UEA2, diff --git
> a/lib/librte_cryptodev/rte_cryptodev.c b/lib/librte_cryptodev/rte_cryptodev.c
> index 40f55a3cd0..e02e001325 100644
> --- a/lib/librte_cryptodev/rte_cryptodev.c
> +++ b/lib/librte_cryptodev/rte_cryptodev.c
> @@ -617,6 +617,8 @@ rte_cryptodev_get_feature_name(uint64_t flag)
> return "SYM_SESSIONLESS";
> case RTE_CRYPTODEV_FF_NON_BYTE_ALIGNED_DATA:
> return "NON_BYTE_ALIGNED_DATA";
> + case RTE_CRYPTODEV_FF_CIPHER_MULTIPLE_DATA_UNITS:
> + return "CIPHER_MULTIPLE_DATA_UNITS";
> default:
> return NULL;
> }
> diff --git a/lib/librte_cryptodev/rte_cryptodev.h
> b/lib/librte_cryptodev/rte_cryptodev.h
> index ae34f33f69..f6972a7d19 100644
> --- a/lib/librte_cryptodev/rte_cryptodev.h
> +++ b/lib/librte_cryptodev/rte_cryptodev.h
> @@ -95,6 +95,15 @@ struct rte_crypto_param_range {
> */
> };
>
> +/**
> + * Data-unit supported lengths of cipher algorithms.
> + * A bit can represent any set of data-unit sizes
> + * (single size, multiple size, range, etc).
> + */
> +#define RTE_CRYPTO_CIPHER_DATA_UNIT_LEN_512_BYTES (1 << 0)
> +#define RTE_CRYPTO_CIPHER_DATA_UNIT_LEN_4096_BYTES (1 << 1)
> +#define RTE_CRYPTO_CIPHER_DATA_UNIT_LEN_1M_BYTES (1 << 2)
1M is irrelevant since datauinit_len is only 16 bits now.
> +
> /**
> * Symmetric Crypto Capability
> */
> @@ -127,6 +136,11 @@ struct rte_cryptodev_symmetric_capability {
> /**< cipher key size range */
> struct rte_crypto_param_range iv_size;
> /**< Initialisation vector data size range */
> + uint32_t dataunit_set;
> + /**<
> + * A bitmap for a set of the supported data-unit lengths.
> + * 0 for any length defined in the algorithm standard.
> + */
> } cipher;
> /**< Symmetric Cipher transform capabilities */
> struct {
> @@ -461,6 +475,8 @@ rte_cryptodev_asym_get_xform_enum(enum
> rte_crypto_asym_xform_type *xform_enum, /**< Support operations on data
> which is not byte aligned */
> #define RTE_CRYPTODEV_FF_SYM_RAW_DP (1ULL << 24)
> /**< Support accelerator specific symmetric raw data-path APIs */
> +#define RTE_CRYPTODEV_FF_CIPHER_MULTIPLE_DATA_UNITS (1ULL << 25)
> +/**< Support operations on multiple data-units message */
>
> /**
> * Get the name of a crypto device feature flag
> --
> 2.31.1
next prev parent reply other threads:[~2021-04-13 19:48 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-04 14:34 [dpdk-dev] [PATCH] cryptodev: support multiple cipher block sizes Matan Azrad
2021-02-05 16:50 ` Zhang, Roy Fan
2021-02-08 12:10 ` Kusztal, ArkadiuszX
2021-02-08 13:36 ` Matan Azrad
2021-02-08 15:28 ` Kusztal, ArkadiuszX
2021-02-08 18:23 ` Matan Azrad
2021-02-26 7:50 ` Kusztal, ArkadiuszX
2021-02-26 5:01 ` [dpdk-dev] [EXT] " Anoob Joseph
2021-03-01 7:55 ` Matan Azrad
2021-03-01 9:29 ` Kusztal, ArkadiuszX
2021-03-14 12:18 ` [dpdk-dev] [PATCH] cryptodev: support multiple cipher data-units Matan Azrad
2021-04-04 15:17 ` [dpdk-dev] [PATCH v2] " Matan Azrad
[not found] ` <20210404150809.2154241-1-matan@nvidia.com>
2021-04-13 12:02 ` [dpdk-dev] [EXT] " Akhil Goyal
2021-04-13 16:39 ` Thomas Monjalon
2021-04-13 18:19 ` [dpdk-dev] [PATCH v3] " Thomas Monjalon
2021-04-13 19:48 ` Matan Azrad [this message]
2021-04-13 20:42 ` [dpdk-dev] [PATCH v4] " Thomas Monjalon
2021-04-14 18:37 ` [dpdk-dev] [EXT] " Akhil Goyal
2021-04-14 19:38 ` Thomas Monjalon
2021-04-14 19:43 ` Akhil Goyal
2021-04-14 20:17 ` Thomas Monjalon
2021-04-14 20:15 ` [dpdk-dev] [PATCH] doc: announce extension of crypto data-unit length Thomas Monjalon
2021-05-17 19:41 ` [dpdk-dev] [EXT] " Akhil Goyal
2021-07-31 17:10 ` Thomas Monjalon
2021-07-31 18:58 ` [dpdk-dev] " Ajit Khaparde
2021-08-02 11:10 ` Matan Azrad
2021-08-02 12:04 ` Thomas Monjalon
2021-04-14 20:21 ` [dpdk-dev] [PATCH v5] cryptodev: support multiple cipher data-units Thomas Monjalon
2021-04-15 8:35 ` [dpdk-dev] [EXT] " Akhil Goyal
2021-04-15 19:01 ` Akhil Goyal
2021-04-15 19:31 ` David Marchand
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=MW2PR12MB2492AA7BC3B248D8F63E1E32DF4F9@MW2PR12MB2492.namprd12.prod.outlook.com \
--to=matan@nvidia.com \
--cc=akhil.goyal@nxp.com \
--cc=anoobj@marvell.com \
--cc=arkadiuszx.kusztal@intel.com \
--cc=declan.doherty@intel.com \
--cc=dev@dpdk.org \
--cc=mdr@ashroe.eu \
--cc=nhorman@tuxdriver.com \
--cc=thomas@monjalon.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).