From patchwork Tue Nov 5 18:41:19 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Ananyev, Konstantin" X-Patchwork-Id: 62490 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id CCEC5A04A2; Tue, 5 Nov 2019 19:42:03 +0100 (CET) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 8D1521BEF1; Tue, 5 Nov 2019 19:42:03 +0100 (CET) Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by dpdk.org (Postfix) with ESMTP id B462C1BEF1; Tue, 5 Nov 2019 19:42:01 +0100 (CET) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by fmsmga102.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 05 Nov 2019 10:41:57 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.68,271,1569308400"; d="scan'208";a="403454515" Received: from sivswdev08.ir.intel.com ([10.237.217.47]) by fmsmga006.fm.intel.com with ESMTP; 05 Nov 2019 10:41:54 -0800 From: Konstantin Ananyev To: dev@dpdk.org, techboard@dpdk.org Cc: roy.fan.zhang@intel.com, declan.doherty@intel.com, akhil.goyal@nxp.com, Konstantin Ananyev Date: Tue, 5 Nov 2019 18:41:19 +0000 Message-Id: <20191105184122.15172-2-konstantin.ananyev@intel.com> X-Mailer: git-send-email 2.18.0 In-Reply-To: <20191105184122.15172-1-konstantin.ananyev@intel.com> References: <20191105184122.15172-1-konstantin.ananyev@intel.com> Subject: [dpdk-dev] [RFC 1/4] cpu-crypto: Introduce basic data structures X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Introduce basic data strucure to be used with cpu-crypto data-path. Signed-off-by: Konstantin Ananyev --- lib/librte_cryptodev/rte_crypto_sym.h | 52 +++++++++++++++++++++++++-- lib/librte_security/rte_security.h | 6 +++- 2 files changed, 54 insertions(+), 4 deletions(-) diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h index ffa038dc4..d8d9e9514 100644 --- a/lib/librte_cryptodev/rte_crypto_sym.h +++ b/lib/librte_cryptodev/rte_crypto_sym.h @@ -25,6 +25,30 @@ extern "C" { #include #include +/** + * Crypto IO Vector (in analogy with struct iovec) + * Supposed be used to pass input/output data buffers for crypto data-path + * functions. + */ +struct rte_crypto_vec { + /** virtual address of the data buffer */ + void *base; + /** IOVA of the data buffer */ + rte_iova_t *iova; + /** length of the data buffer */ + uint32_t len; +}; + +struct rte_crypto_sym_vec { + /** array of SGL vectors */ + struct rte_crypto_vec *vec; + /** array of pointers to IV */ + void **iv; + /** array of pointers to AAD */ + void **aad; + /** array of pointers to digest */ + void **digest; +}; /** Symmetric Cipher Algorithms */ enum rte_crypto_cipher_algorithm { @@ -116,7 +140,8 @@ struct rte_crypto_cipher_xform { struct { const uint8_t *data; /**< pointer to key data */ uint16_t length; /**< key length in bytes */ - } key; + } __attribute__((__packed__)) key; + /**< Cipher key * * For the RTE_CRYPTO_CIPHER_AES_F8 mode of operation, key.data will @@ -140,6 +165,16 @@ struct rte_crypto_cipher_xform { * - Each key can be either 128 bits (16 bytes) or 256 bits (32 bytes). * - Both keys must have the same size. **/ + + struct { + /** + * offset for cipher to start within user provided data buffer. + */ + uint16_t offset; + } cpu_crypto; + + uint8_t reserved[4]; + struct { uint16_t offset; /**< Starting point for Initialisation Vector or Counter, @@ -284,7 +319,7 @@ struct rte_crypto_auth_xform { struct { const uint8_t *data; /**< pointer to key data */ uint16_t length; /**< key length in bytes */ - } key; + } __attribute__((__packed__)) key; /**< Authentication key data. * The authentication key length MUST be less than or equal to the * block size of the algorithm. It is the callers responsibility to @@ -292,6 +327,8 @@ struct rte_crypto_auth_xform { * (for example RFC 2104, FIPS 198a). */ + uint8_t reserved[6]; + struct { uint16_t offset; /**< Starting point for Initialisation Vector or Counter, @@ -376,7 +413,16 @@ struct rte_crypto_aead_xform { struct { const uint8_t *data; /**< pointer to key data */ uint16_t length; /**< key length in bytes */ - } key; + } __attribute__((__packed__)) key; + + struct { + /** + * offset for cipher to start within user provided data buffer. + */ + uint16_t offset; + } cpu_crypto; + + uint8_t reserved[4]; struct { uint16_t offset; diff --git a/lib/librte_security/rte_security.h b/lib/librte_security/rte_security.h index aaafdfcd7..fed67ab39 100644 --- a/lib/librte_security/rte_security.h +++ b/lib/librte_security/rte_security.h @@ -303,10 +303,14 @@ enum rte_security_session_action_type { /**< All security protocol processing is performed inline during * transmission */ - RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL + RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, /**< All security protocol processing including crypto is performed * on a lookaside accelerator */ + RTE_SECURITY_ACTION_TYPE_CPU_CRYPTO, + /**< Crypto processing for security protocol is processed by CPU + * synchronously + */ }; /** Security session protocol definition */ From patchwork Tue Nov 5 18:41:20 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Ananyev, Konstantin" X-Patchwork-Id: 62491 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 0A72DA04A2; Tue, 5 Nov 2019 19:42:10 +0100 (CET) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 9E0FC1BF5C; Tue, 5 Nov 2019 19:42:05 +0100 (CET) Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by dpdk.org (Postfix) with ESMTP id A804D1BEF1; Tue, 5 Nov 2019 19:42:02 +0100 (CET) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by fmsmga102.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 05 Nov 2019 10:42:01 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.68,271,1569308400"; d="scan'208";a="403454553" Received: from sivswdev08.ir.intel.com ([10.237.217.47]) by fmsmga006.fm.intel.com with ESMTP; 05 Nov 2019 10:41:59 -0800 From: Konstantin Ananyev To: dev@dpdk.org, techboard@dpdk.org Cc: roy.fan.zhang@intel.com, declan.doherty@intel.com, akhil.goyal@nxp.com, Konstantin Ananyev Date: Tue, 5 Nov 2019 18:41:20 +0000 Message-Id: <20191105184122.15172-3-konstantin.ananyev@intel.com> X-Mailer: git-send-email 2.18.0 In-Reply-To: <20191105184122.15172-1-konstantin.ananyev@intel.com> References: <20191105184122.15172-1-konstantin.ananyev@intel.com> Subject: [dpdk-dev] [RFC 2/4] security: introduce cpu-crypto API X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" This patch extends rte_security API with CPU-CRYPTO mode. Crypto PMD that wants to support that functionality would need to: 1. claim RTE_CRYPTODEV_FF_SECURITY capability supported. 2. at device .probe() allocate and initialize security context (dev-> security_ctx). 3. implement at least the following functions inside rte_security_ops: .session_create, .session_get_size, .session_destroy, .process_cpu_crypto_sym For data-path processing consumer of that API would have to maintain: struct rte_security_ctx *ctx, struct rte_security_session *sess Signed-off-by: Konstantin Ananyev --- lib/librte_security/rte_security.c | 11 +++++++++++ lib/librte_security/rte_security.h | 22 ++++++++++++++++++++++ lib/librte_security/rte_security_driver.h | 20 ++++++++++++++++++++ 3 files changed, 53 insertions(+) diff --git a/lib/librte_security/rte_security.c b/lib/librte_security/rte_security.c index bc81ce15d..243f59105 100644 --- a/lib/librte_security/rte_security.c +++ b/lib/librte_security/rte_security.c @@ -141,3 +141,14 @@ rte_security_capability_get(struct rte_security_ctx *instance, return NULL; } + +__rte_experimental +int +rte_security__cpu_crypto_sym_process(struct rte_security_ctx *instance, + struct rte_security_session *sess, struct rte_crypto_sym_vec *vec, + int32_t status[], uint32_t num) +{ + RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->process_cpu_crypto_sym, + -ENOENT); + return instance->ops->process_cpu_crypto_sym(sess, vec, status, num); +} diff --git a/lib/librte_security/rte_security.h b/lib/librte_security/rte_security.h index fed67ab39..0dc8fec09 100644 --- a/lib/librte_security/rte_security.h +++ b/lib/librte_security/rte_security.h @@ -669,6 +669,28 @@ const struct rte_security_capability * rte_security_capability_get(struct rte_security_ctx *instance, struct rte_security_capability_idx *idx); + /** + * Perform actual crypto processing (encrypt/digest or auth/decrypt) + * on user provided data. + * + * @param instance security instance. + * @param sess Security session structure + * @param vec Array of vectors for input data + * @param status Array of status values (one per vec) + * (RTE_CRYPTO_OP_STATUS_* values) + * @param num Number of elems in vec and status arrays. + * + * @return + * - Returns negative errno value on error, or non-negative number + * of successfully processed input vectors. + * +*/ +__rte_experimental +int +rte_security__cpu_crypto_sym_process(struct rte_security_ctx *instance, + struct rte_security_session *sess, struct rte_crypto_sym_vec *vec, + int32_t status[], uint32_t num); + #ifdef __cplusplus } #endif diff --git a/lib/librte_security/rte_security_driver.h b/lib/librte_security/rte_security_driver.h index 1b561f852..b348c5817 100644 --- a/lib/librte_security/rte_security_driver.h +++ b/lib/librte_security/rte_security_driver.h @@ -132,6 +132,25 @@ typedef int (*security_get_userdata_t)(void *device, typedef const struct rte_security_capability *(*security_capabilities_get_t)( void *device); +/** + * Perform actual crypto processing (encrypt/digest or auth/decrypt) + * on user provided data. + * + * @param sess Security session structure + * @param vec Array of vectors for input data + * @param status Array of status values (one per vec) + * (RTE_CRYPTO_OP_STATUS_* values) + * @param num Number of elems in vec and status arrays. + * + * @return + * - Returns negative errno value on error, or non-negative number + * of successfully processed input vectors. + * +*/ +typedef int (*security_process_cpu_crypto_sym_t)( + struct rte_security_session *sess, struct rte_crypto_sym_vec *vec, + int32_t status[], uint32_t num); + /** Security operations function pointer table */ struct rte_security_ops { security_session_create_t session_create; @@ -150,6 +169,7 @@ struct rte_security_ops { /**< Get userdata associated with session which processed the packet. */ security_capabilities_get_t capabilities_get; /**< Get security capabilities. */ + security_process_cpu_crypto_sym_t process_cpu_crypto_sym; }; #ifdef __cplusplus From patchwork Tue Nov 5 18:41:21 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Ananyev, Konstantin" X-Patchwork-Id: 62492 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id B3ED0A04A2; Tue, 5 Nov 2019 19:42:18 +0100 (CET) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id D16201BF86; Tue, 5 Nov 2019 19:42:16 +0100 (CET) Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) by dpdk.org (Postfix) with ESMTP id C522C1BF85; Tue, 5 Nov 2019 19:42:14 +0100 (CET) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by orsmga104.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 05 Nov 2019 10:42:13 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.68,271,1569308400"; d="scan'208";a="403454623" Received: from sivswdev08.ir.intel.com ([10.237.217.47]) by fmsmga006.fm.intel.com with ESMTP; 05 Nov 2019 10:42:11 -0800 From: Konstantin Ananyev To: dev@dpdk.org, techboard@dpdk.org Cc: roy.fan.zhang@intel.com, declan.doherty@intel.com, akhil.goyal@nxp.com, Konstantin Ananyev Date: Tue, 5 Nov 2019 18:41:21 +0000 Message-Id: <20191105184122.15172-4-konstantin.ananyev@intel.com> X-Mailer: git-send-email 2.18.0 In-Reply-To: <20191105184122.15172-1-konstantin.ananyev@intel.com> References: <20191105184122.15172-1-konstantin.ananyev@intel.com> Subject: [dpdk-dev] [RFC 3/4] cryptodev: introduce cpu-crypto API X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" This patch extends rte_cryptodev API with CPU-CRYPTO mode. This is done by reusing existing rte_crypto_sym_session structure itself and related control-path cryptodev API (init/clear/get_size/etc.) For data-path new sym_cpu_ process() function is added into rte_cryptodev dev_ops. Crypto PMD that wants to support that functionality would need to: 1. claim RTE_CRYPTODEV_FF_SYM_CPU_CRYPTO capability supported. 2. change at least the following functions inside rte_cryptodev_ops: . sym_session_get_size, . sym_session_configure, . sym_session_clear to accommodate support for both sync and async modes, 3. implement new function inside rte_cryptodev_ops: sym_cpu_process For data-path processing consumer of that API would have to maintain: struct rte_cryptodev_sym_session *sess, list of dev ids for which this session was properly initialized As an advantage of this approach - reuse of existing API and minimal visible changes for crypto PMDs. Signed-off-by: Konstantin Ananyev --- lib/librte_cryptodev/rte_crypto_sym.h | 11 ++++++++++- lib/librte_cryptodev/rte_cryptodev.c | 14 ++++++++++++++ lib/librte_cryptodev/rte_cryptodev.h | 24 ++++++++++++++++++++++++ lib/librte_cryptodev/rte_cryptodev_pmd.h | 22 ++++++++++++++++++++++ 4 files changed, 70 insertions(+), 1 deletion(-) diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h index d8d9e9514..790c77524 100644 --- a/lib/librte_cryptodev/rte_crypto_sym.h +++ b/lib/librte_cryptodev/rte_crypto_sym.h @@ -166,6 +166,10 @@ struct rte_crypto_cipher_xform { * - Both keys must have the same size. **/ + /** + * CPU-CRYPTO specific data, should be set properly when + * (xform->type & RTE_CRYPTO_SYM_CPU_CRYPTO) != 0, otherwise ignored. + */ struct { /** * offset for cipher to start within user provided data buffer. @@ -415,6 +419,10 @@ struct rte_crypto_aead_xform { uint16_t length; /**< key length in bytes */ } __attribute__((__packed__)) key; + /** + * CPU-CRYPTO specific data, should be set properly when + * (xform->type & RTE_CRYPTO_SYM_CPU_CRYPTO) != 0, otherwise ignored. + */ struct { /** * offset for cipher to start within user provided data buffer. @@ -471,7 +479,8 @@ enum rte_crypto_sym_xform_type { RTE_CRYPTO_SYM_XFORM_NOT_SPECIFIED = 0, /**< No xform specified */ RTE_CRYPTO_SYM_XFORM_AUTH, /**< Authentication xform */ RTE_CRYPTO_SYM_XFORM_CIPHER, /**< Cipher xform */ - RTE_CRYPTO_SYM_XFORM_AEAD /**< AEAD xform */ + RTE_CRYPTO_SYM_XFORM_AEAD, /**< AEAD xform */ + RTE_CRYPTO_SYM_CPU_CRYPTO = INT32_MIN, /**< xform for cpu-crypto */ }; /** diff --git a/lib/librte_cryptodev/rte_cryptodev.c b/lib/librte_cryptodev/rte_cryptodev.c index 89aa2ed3e..b1dbaf4c1 100644 --- a/lib/librte_cryptodev/rte_cryptodev.c +++ b/lib/librte_cryptodev/rte_cryptodev.c @@ -1616,6 +1616,20 @@ rte_cryptodev_sym_session_get_user_data( return (void *)(sess->sess_data + sess->nb_drivers); } +__rte_experimental +int +rte_cryptodev_sym_cpu_crypto_process(uint8_t dev_id, + struct rte_cryptodev_sym_session *sess, struct rte_crypto_sym_vec *vec, + int32_t status[], uint32_t num) +{ + struct rte_cryptodev *dev; + + dev = rte_cryptodev_pmd_get_dev(dev_id); + RTE_FUNC_PTR_OR_ERR_RET(*dev->dev_ops->sym_cpu_process,-ENOTSUP); + + return dev->dev_ops->sym_cpu_process(dev, sess, vec, status, num); +} + /** Initialise rte_crypto_op mempool element */ static void rte_crypto_op_init(struct rte_mempool *mempool, diff --git a/lib/librte_cryptodev/rte_cryptodev.h b/lib/librte_cryptodev/rte_cryptodev.h index c6ffa3b35..24877006c 100644 --- a/lib/librte_cryptodev/rte_cryptodev.h +++ b/lib/librte_cryptodev/rte_cryptodev.h @@ -450,6 +450,8 @@ rte_cryptodev_asym_get_xform_enum(enum rte_crypto_asym_xform_type *xform_enum, /**< Support encrypted-digest operations where digest is appended to data */ #define RTE_CRYPTODEV_FF_ASYM_SESSIONLESS (1ULL << 20) /**< Support asymmetric session-less operations */ +#define RTE_CRYPTODEV_FF_SYM_CPU_CRYPTO (1ULL << 21) +/**< Support symmeteric cpu-crypto processing */ /** @@ -1274,6 +1276,28 @@ void * rte_cryptodev_sym_session_get_user_data( struct rte_cryptodev_sym_session *sess); +/** + * Perform actual crypto processing (encrypt/digest or auth/decrypt) + * on user provided data. + * + * @param dev_id The device identifier. + * @param sess Cryptodev session structure + * @param vec Array of vectors for input data + * @param status Array of status values (one per vec) + * (RTE_CRYPTO_OP_STATUS_* values) + * @param num Number of elems in vec and status arrays. + * + * @return + * - Returns negative errno value on error, or non-negative number + * of successfully processed input vectors. + * +*/ +__rte_experimental +int +rte_cryptodev_sym_cpu_crypto_process(uint8_t dev_id, + struct rte_cryptodev_sym_session *sess, struct rte_crypto_sym_vec *vec, + int32_t status[], uint32_t num); + #ifdef __cplusplus } #endif diff --git a/lib/librte_cryptodev/rte_cryptodev_pmd.h b/lib/librte_cryptodev/rte_cryptodev_pmd.h index fba14f2fa..02e7a19ae 100644 --- a/lib/librte_cryptodev/rte_cryptodev_pmd.h +++ b/lib/librte_cryptodev/rte_cryptodev_pmd.h @@ -308,6 +308,26 @@ typedef void (*cryptodev_sym_free_session_t)(struct rte_cryptodev *dev, */ typedef void (*cryptodev_asym_free_session_t)(struct rte_cryptodev *dev, struct rte_cryptodev_asym_session *sess); +/** + * Perform actual crypto processing (encrypt/digest or auth/decrypt) + * on user provided data. + * + * @param dev Crypto device pointer + * @param sess Cryptodev session structure + * @param vec Array of vectors for input data + * @param status Array of status values (one per vec) + * (RTE_CRYPTO_OP_STATUS_* values) + * @param num Number of elems in vec and status arrays. + * + * @return + * - Returns negative errno value on error, or non-negative number + * of successfully processed input vectors. + * +*/ +typedef int (*cryptodev_sym_cpu_crypto_process_t)(struct rte_cryptodev *dev, + struct rte_cryptodev_sym_session *sess, struct rte_crypto_sym_vec *vec, + int32_t status[], uint32_t num); + /** Crypto device operations function pointer table */ struct rte_cryptodev_ops { @@ -342,6 +362,8 @@ struct rte_cryptodev_ops { /**< Clear a Crypto sessions private data. */ cryptodev_asym_free_session_t asym_session_clear; /**< Clear a Crypto sessions private data. */ + cryptodev_sym_cpu_crypto_process_t sym_cpu_process; + /**< process input data synchronously (cpu-crypto). */ }; From patchwork Tue Nov 5 18:41:22 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Ananyev, Konstantin" X-Patchwork-Id: 62493 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 2EBCAA04A2; Tue, 5 Nov 2019 19:42:28 +0100 (CET) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 409591BF85; Tue, 5 Nov 2019 19:42:21 +0100 (CET) Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) by dpdk.org (Postfix) with ESMTP id E57FC1BF83; Tue, 5 Nov 2019 19:42:19 +0100 (CET) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by fmsmga103.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 05 Nov 2019 10:42:19 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.68,271,1569308400"; d="scan'208";a="403454651" Received: from sivswdev08.ir.intel.com ([10.237.217.47]) by fmsmga006.fm.intel.com with ESMTP; 05 Nov 2019 10:42:15 -0800 From: Konstantin Ananyev To: dev@dpdk.org, techboard@dpdk.org Cc: roy.fan.zhang@intel.com, declan.doherty@intel.com, akhil.goyal@nxp.com, Konstantin Ananyev Date: Tue, 5 Nov 2019 18:41:22 +0000 Message-Id: <20191105184122.15172-5-konstantin.ananyev@intel.com> X-Mailer: git-send-email 2.18.0 In-Reply-To: <20191105184122.15172-1-konstantin.ananyev@intel.com> References: <20191105184122.15172-1-konstantin.ananyev@intel.com> Subject: [dpdk-dev] [RFC 4/4] cryptodev: introduce rte_crypto_cpu_sym_session API X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" This patch extends rte_cryptodev API with CPU-CRYPTO mode. This is done by reusing of existing rte_crypto_sym_xform data structures and introducing new opaque rte_crypto_cpu_sym_session data structure and related control and data path API. Crypto PMD that wants to support that functionality would need to: 1. claim RTE_CRYPTODEV_FF_SYM_CPU_CRYPTO capability supported. 2. implement new functions for rte_cryptodev_ops: . cpu_sym_session_size, . cpu_sym_session_init, 3. implement new functions for rte_crypto_cpu_sym_session: .clear, .process For data-path processing consumer would have to maintain: struct rte_crypto_cpu_sym_session *sess Below is a summary of reasons why I think adding new API is a preferable over reusing existing rte_crypto_sym_session API: 1. Inside rte_crypto_sym_session there is an array of pointers to PMD private session structures (indexed by driver id). Some of them might be initialized, others not. So even now, user has to maintain a list of dev_ids that can be used with this session. With patch #3 in-place it becomes even more complex - user will have to maintain two lists of dev_ids: - one for async crypto-devices that can be used with that session - another one for sync crypto-devices that can be used with that session In majority of examples within dpdk.org tree, we usually don't bother and use just one device per session. But for intermediate libraries (librte_ipsec, etc.) that have to be as generic as possible and can't make such assumptions such design choice is not very convenient. From other hand, cpu-crypto is SW based synchronous operation and it doesn't need any device/queue data during crypto-processing, all necessary information is stored inside session itself. The only stage where we really need dev_id - during session init(). So it seems natural to exclude dev_id from data and majority of control path completely. 2. Current rte_cryptodev_sym_session_init() expects PMD session data to be allocated via provided mempool. That seems not very flexible. Preferred way would be to allow user can allocate memory for cpu-crypto session whenever he likes. 3. Would allow PMD writer to expose a separate process() functions for different session types and hopefully save extra function call and reduce data-dependencies for fast-path comparing to previous patch. Signed-off-by: Konstantin Ananyev --- lib/librte_cryptodev/rte_crypto_sym.h | 8 +++ lib/librte_cryptodev/rte_cryptodev.c | 46 +++++++++++++++ lib/librte_cryptodev/rte_cryptodev.h | 71 ++++++++++++++++++++++++ lib/librte_cryptodev/rte_cryptodev_pmd.h | 49 ++++++++++++++++ 4 files changed, 174 insertions(+) diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h index d8d9e9514..45f3840bb 100644 --- a/lib/librte_cryptodev/rte_crypto_sym.h +++ b/lib/librte_cryptodev/rte_crypto_sym.h @@ -166,6 +166,10 @@ struct rte_crypto_cipher_xform { * - Both keys must have the same size. **/ + /** + * CPU-CRYPTO specific data, used only by rte_crypto_cpu_sym_session + * initialisation pass, otherwise ignored. + */ struct { /** * offset for cipher to start within user provided data buffer. @@ -415,6 +419,10 @@ struct rte_crypto_aead_xform { uint16_t length; /**< key length in bytes */ } __attribute__((__packed__)) key; + /** + * CPU-CRYPTO specific data, used only by rte_crypto_cpu_sym_session + * initialisation pass, otherwise ignored. + */ struct { /** * offset for cipher to start within user provided data buffer. diff --git a/lib/librte_cryptodev/rte_cryptodev.c b/lib/librte_cryptodev/rte_cryptodev.c index 89aa2ed3e..8109665c2 100644 --- a/lib/librte_cryptodev/rte_cryptodev.c +++ b/lib/librte_cryptodev/rte_cryptodev.c @@ -1616,6 +1616,52 @@ rte_cryptodev_sym_session_get_user_data( return (void *)(sess->sess_data + sess->nb_drivers); } +__rte_experimental +int +rte_crypto_cpu_sym_session_size(uint8_t dev_id, + const struct rte_crypto_sym_xform *xforms) +{ + struct rte_cryptodev *dev; + + dev = rte_cryptodev_pmd_get_dev(dev_id); + RTE_FUNC_PTR_OR_ERR_RET(*dev->dev_ops->cpu_sym_session_size, -ENOTSUP); + + return dev->dev_ops->cpu_sym_session_size(dev, xforms); +} + +__rte_experimental +int +rte_crypto_cpu_sym_session_init(uint8_t dev_id, + struct rte_crypto_cpu_sym_session *sess, + const struct rte_crypto_sym_xform *xforms) +{ + struct rte_cryptodev *dev; + + dev = rte_cryptodev_pmd_get_dev(dev_id); + RTE_FUNC_PTR_OR_ERR_RET(*dev->dev_ops->cpu_sym_session_init, -ENOTSUP); + + return dev->dev_ops->cpu_sym_session_init(dev, sess, xforms); +} + +__rte_experimental +void +rte_crypto_cpu_sym_session_clear(struct rte_crypto_cpu_sym_session *sess) +{ + if (sess != NULL && sess->ops.clear != NULL) + return sess->ops.clear(sess); +} + +__rte_experimental +int +rte_crypto_cpu_sym_session_process(struct rte_crypto_cpu_sym_session *sess, + struct rte_crypto_sym_vec *vec, int32_t status[], uint32_t num) +{ + if (sess == NULL || sess->ops.process == NULL) + return -EINVAL; + + return sess->ops.process(sess, vec, status, num); +} + /** Initialise rte_crypto_op mempool element */ static void rte_crypto_op_init(struct rte_mempool *mempool, diff --git a/lib/librte_cryptodev/rte_cryptodev.h b/lib/librte_cryptodev/rte_cryptodev.h index c6ffa3b35..3333bbe09 100644 --- a/lib/librte_cryptodev/rte_cryptodev.h +++ b/lib/librte_cryptodev/rte_cryptodev.h @@ -450,6 +450,8 @@ rte_cryptodev_asym_get_xform_enum(enum rte_crypto_asym_xform_type *xform_enum, /**< Support encrypted-digest operations where digest is appended to data */ #define RTE_CRYPTODEV_FF_ASYM_SESSIONLESS (1ULL << 20) /**< Support asymmetric session-less operations */ +#define RTE_CRYPTODEV_FF_SYM_CPU_CRYPTO (1ULL << 21) +/**< Support symmeteric cpu-crypto processing */ /** @@ -1274,6 +1276,75 @@ void * rte_cryptodev_sym_session_get_user_data( struct rte_cryptodev_sym_session *sess); +/** + * opaque session structure for symmetric CPU-CRYPTO operations. + */ +struct rte_crypto_cpu_sym_session; + +/** + * Calculate required session size in bytes for given set of xforms. + * if xforms == NULL, then return the max possible session size, + * that would fit session for any supported by the device algorithm. + * if CPU-CRYPTO is not supported at all, or requeted in xform + * algorithm is not supported, then return -ENOTSUP. + * @param dev_id ID of device that we want the session to be used on + * @param xforms Symmetric crypto transform operations to apply on flow + * processed with this session + * @return + * - On success, positive value for required session size in bytes. + * - negative errno value otherwise. + */ +__rte_experimental +int +rte_crypto_cpu_sym_session_size(uint8_t dev_id, + const struct rte_crypto_sym_xform *xforms); + +/** + * Initialize symmetric CPU-CRYPTO session. + * It is caller responsibility to allocate enough space for it. + * See rte_crypto_cpu_sym_session_size above. + * @param dev_id ID of device that we want the session to be used on + * @param sess Pointer to the raw session buffer + * @param xforms Symmetric crypto transform operations to apply on flow + * processed with this session + * @return + * - On success, zero. + * - negative errno value otherwise. + */ +__rte_experimental +int +rte_crypto_cpu_sym_session_init(uint8_t dev_id, + struct rte_crypto_cpu_sym_session *sess, + const struct rte_crypto_sym_xform *xforms); + +/** + * De-initialize symmetric CPU-CRYPTO session. + * It is caller responsibility to free the session pointer afterwards. + */ +__rte_experimental +void +rte_crypto_cpu_sym_session_clear(struct rte_crypto_cpu_sym_session *sess); + +/** + * Perform actual crypto processing (encrypt/digest or auth/decrypt) + * on user provided data. + * + * @param sess cpu-crypto session structure + * @param vec Array of vectors for input data + * @param status Array of status values (one per vec) + * (RTE_CRYPTO_OP_STATUS_* values) + * @param num Number of elems in vec and status arrays. + * + * @return + * - Returns negative errno value on error, or non-negative number + * of successfully processed input vectors. + * ++*/ +__rte_experimental +int +rte_crypto_cpu_sym_session_process(struct rte_crypto_cpu_sym_session *sess, + struct rte_crypto_sym_vec *vec, int32_t status[], uint32_t num); + #ifdef __cplusplus } #endif diff --git a/lib/librte_cryptodev/rte_cryptodev_pmd.h b/lib/librte_cryptodev/rte_cryptodev_pmd.h index fba14f2fa..629461315 100644 --- a/lib/librte_cryptodev/rte_cryptodev_pmd.h +++ b/lib/librte_cryptodev/rte_cryptodev_pmd.h @@ -309,6 +309,38 @@ typedef void (*cryptodev_sym_free_session_t)(struct rte_cryptodev *dev, typedef void (*cryptodev_asym_free_session_t)(struct rte_cryptodev *dev, struct rte_cryptodev_asym_session *sess); +/** + * Calculate required session size in bytes for given set of xforms. + * if xforms == NULL, then return the max possible session size, + * that would fit session for any supported by the device algorithm. + * if CPU-CRYPTO is not supported at all, or requeted in xform + * algorithm is not supported, then return -ENOTSUP. + * @param dev Crypto device pointer + * @param xforms Symmetric crypto transform operations to apply on flow + * processed with this session + * @return + * - On success, positive value for required session size in bytes. + * - negative errno value otherwise. + */ +typedef int (*cryptodev_cpu_sym_session_size_t)(struct rte_cryptodev *dev, + const struct rte_crypto_sym_xform *xforms); + +/** + * Initialize symmetric CPU-CRYPTO session. + * It is caller responsibility to allocate enough space for it. + * See rte_crypto_cpu_sym_session_size above. + * @param dev Crypto device pointer + * @param sess Pointer to the raw session buffer + * @param xforms Symmetric crypto transform operations to apply on flow + * processed with this session + * @return + * - On success, zero. + * - negative errno value otherwise. + */ +typedef int (*cryptodev_cpu_sym_session_init_t)(struct rte_cryptodev *dev, + struct rte_crypto_cpu_sym_session *sess, + const struct rte_crypto_sym_xform *xforms); + /** Crypto device operations function pointer table */ struct rte_cryptodev_ops { cryptodev_configure_t dev_configure; /**< Configure device. */ @@ -342,6 +374,10 @@ struct rte_cryptodev_ops { /**< Clear a Crypto sessions private data. */ cryptodev_asym_free_session_t asym_session_clear; /**< Clear a Crypto sessions private data. */ + cryptodev_cpu_sym_session_size_t cpu_sym_session_size; + /**< Calculate required cpu-crypto session size. */ + cryptodev_cpu_sym_session_init_t cpu_sym_session_init; + /**< Initialise cpu-crypto session. */ }; @@ -506,6 +542,19 @@ set_asym_session_private_data(struct rte_cryptodev_asym_session *sess, sess->sess_private_data[driver_id] = private_data; } + +struct rte_crypto_cpu_sym_session_ops { + void (*clear)(struct rte_crypto_cpu_sym_session *); + int (*process)(struct rte_crypto_cpu_sym_session *, + struct rte_crypto_sym_vec *, int32_t [], uint32_t); +}; + +struct rte_crypto_cpu_sym_session { + struct rte_crypto_cpu_sym_session_ops ops; + /** session private data starts here. */ + void *sess_data[0] __rte_cache_min_aligned; +}; + #ifdef __cplusplus } #endif