Hi
Small comment
From: Thomas Monjalon
> From: Matan Azrad <ma...@nvidia.com>
>
> In cryptography, a block cipher is a deterministic algorithm operating on
> fixed-
> length groups of bits, called blocks.
>
> A block cipher consists of two paired algorithms, one for encryption and the
> other for decryption. Both algorithms accept two inputs:
> an input block of size n bits and a key of size k bits; and both yield an
> n-bit
> output block. The decryption algorithm is defined to be the inverse function
> of
> the encryption.
>
> For AES standard the block size is 16 bytes.
> For AES in XTS mode, the data to be encrypted\decrypted does not have to be
> multiple of 16B size, the unit of data is called data-unit.
> The data-unit size can be any size in range [16B, 2^24B], so, in this case, a
> data
> stream is divided into N amount of equal data-units and must be
> encrypted\decrypted in the same data-unit resolution.
>
> For ABI compatibility reason, the size is limited to 64K (16-bit field).
> The new field dataunit_len is inserted in a struct padding hole, which is
> only 2
> bytes long in 32-bit build.
> It could be extended later during an ABI-breakage window.
>
> The current cryptodev API doesn't allow the user to select a specific
> data-unit
> length supported by the devices.
> In addition, there is no definition how the IV is detected per data-unit when
> single operation includes more than one data-unit.
>
> That causes applications to use single operation per data-unit even though all
> the data is continuous in memory what reduces datapath performance.
>
> Add a new feature flag to support multiple data-unit sizes, called
> RTE_CRYPTODEV_FF_CIPHER_MULTIPLE_DATA_UNITS.
> Add a new field in cipher capability, called dataunit_set, where the devices
> can
> report the range of the supported data-unit sizes.
> Add a new cipher transformation field, called dataunit_len, where the user can
> select the data-unit length for all the operations.
>
> All the new fields do not change the size of their structures, by filling some
> struct padding holes.
> They are added as exceptions in the ABI check file libabigail.abignore.
>
> Using a bitmap to report the supported data-unit sizes capability allows the
> devices to report a range simply as same as the user to read it simply. also,
> thus sizes are usually common and probably will be shared among different
> devices.
>
> Signed-off-by: Matan Azrad <ma...@nvidia.com>
> Signed-off-by: Thomas Monjalon <tho...@monjalon.net>
> ---
> v1:
> - Use data-unit term instead of block.
> - Update cipher length description in OP.
> - Improve descriptions on xform and capability.
> - Improve commit log.
>
> v2:
> - Fix typo: MULITPLE->MULTIPLE.
> - Remain only planned supported sizes for data-unit capability.
>
> v3:
> - Improve some comments.
> - Fix ABI breakage.
>
> Note: the suppression rules work in libabigail for this patch, but not sure
> it is
> really considering the offsets defined in the file.
>
> ---
> devtools/libabigail.abignore | 12 +++++++++++-
> doc/guides/cryptodevs/features/default.ini | 1 +
> doc/guides/cryptodevs/overview.rst | 3 +++
> doc/guides/rel_notes/release_21_05.rst | 6 ++++++
> lib/librte_cryptodev/rte_crypto_sym.h | 18 ++++++++++++++++--
> lib/librte_cryptodev/rte_cryptodev.c | 2 ++
> lib/librte_cryptodev/rte_cryptodev.h | 16 ++++++++++++++++
> 7 files changed, 55 insertions(+), 3 deletions(-)
>
> diff --git a/devtools/libabigail.abignore b/devtools/libabigail.abignore index
> 6c0b38984e..bce940f2df 100644
> --- a/devtools/libabigail.abignore
> +++ b/devtools/libabigail.abignore
> @@ -19,4 +19,14 @@
> ; Ignore fields inserted in cacheline boundary of rte_cryptodev
> [suppress_type]
> name = rte_cryptodev
> - has_data_member_inserted_between = {offset_after(attached), end}
> \ No newline at end of file
> + has_data_member_inserted_between = {offset_after(attached),
> + end}
> +
> +; Ignore fields inserted in union boundary of
> +rte_cryptodev_symmetric_capability
> +[suppress_type]
> + name = rte_cryptodev_symmetric_capability
> + has_data_member_inserted_between =
> +{offset_after(cipher.iv_size), end}
> +
> +; Ignore fields inserted in middle padding of rte_crypto_cipher_xform
> +[suppress_type]
> + name = rte_crypto_cipher_xform
> + has_data_member_inserted_between = {offset_after(key),
> +offset_of(iv)}
> diff --git a/doc/guides/cryptodevs/features/default.ini
> b/doc/guides/cryptodevs/features/default.ini
> index 17b177fc45..978bb30cc1 100644
> --- a/doc/guides/cryptodevs/features/default.ini
> +++ b/doc/guides/cryptodevs/features/default.ini
> @@ -31,6 +31,7 @@ CPU crypto =
> Symmetric sessionless =
> Non-Byte aligned data =
> Sym raw data path API =
> +Cipher multiple data units =
>
> ;
> ; Supported crypto algorithms of a default crypto driver.
> diff --git a/doc/guides/cryptodevs/overview.rst
> b/doc/guides/cryptodevs/overview.rst
> index e2a1e08ec1..e24e3e1993 100644
> --- a/doc/guides/cryptodevs/overview.rst
> +++ b/doc/guides/cryptodevs/overview.rst
> @@ -46,6 +46,9 @@ Supported Feature Flags
> - "Digest encrypted" feature flag means PMD support hash-cipher cases,
> where generated digest is appended to and encrypted with the data.
>
> + - "CIPHER_MULTIPLE_DATA_UNITS" feature flag means PMD support
> operations
> + on multiple data-units message.
> +
>
> Supported Cipher Algorithms
> ---------------------------
> diff --git a/doc/guides/rel_notes/release_21_05.rst
> b/doc/guides/rel_notes/release_21_05.rst
> index 9a666b629d..2dc776c35e 100644
> --- a/doc/guides/rel_notes/release_21_05.rst
> +++ b/doc/guides/rel_notes/release_21_05.rst
> @@ -145,6 +145,12 @@ New Features
>
> * Added support for preferred busy polling.
>
> +* **Added support of multiple data-units in cryptodev API.**
> +
> + The cryptodev library has been enhanced to allow operations on
> + multiple data-units for AES-XTS algorithm, the data-unit length
> + should be set in the transformation. A capability for it was added too.
> +
> * **Updated Mellanox RegEx PMD.**
>
> * Added support for multi-segments mbuf.
> diff --git a/lib/librte_cryptodev/rte_crypto_sym.h
> b/lib/librte_cryptodev/rte_crypto_sym.h
> index 9d572ec057..ec45714fc3 100644
> --- a/lib/librte_cryptodev/rte_crypto_sym.h
> +++ b/lib/librte_cryptodev/rte_crypto_sym.h
> @@ -222,6 +222,19 @@ struct rte_crypto_cipher_xform {
> * - Each key can be either 128 bits (16 bytes) or 256 bits (32
> bytes).
> * - Both keys must have the same size.
> **/
> +
> + uint16_t dataunit_len;
> + /**< When RTE_CRYPTODEV_FF_CIPHER_MULTIPLE_DATA_UNITS is
> enabled,
> + * this is the data-unit length of the algorithm,
> + * otherwise or when the value is 0, use the operation length.
> + * The value should be in the range defined by the dataunit_set field
> + * in the cipher capability.
> + *
> + * - For AES-XTS it is the size of data-unit, from IEEE Std 1619-2007.
> + * For-each data-unit in the operation, the tweak (IV) value is
> + * assigned consecutively starting from the operation assigned IV.
> + */
> +
> struct {
> uint16_t offset;
> /**< Starting point for Initialisation Vector or Counter, @@
> -701,9
> +714,10 @@ struct rte_crypto_sym_op {
> /**< The message length, in bytes,
> of the
> * source buffer on which the
> cryptographic
> * operation will be computed.
> + * This is also the same as the
> result length.
> * This must be a multiple of the
> block size
> - * if a block cipher is being used.
> This is
> - * also the same as the result
> length.
> + * or a multiple of data-unit length
> + * as described in xform.
> *
> * @note
> * For SNOW 3G @
> RTE_CRYPTO_AUTH_SNOW3G_UEA2, diff --git
> a/lib/librte_cryptodev/rte_cryptodev.c b/lib/librte_cryptodev/rte_cryptodev.c
> index 40f55a3cd0..e02e001325 100644
> --- a/lib/librte_cryptodev/rte_cryptodev.c
> +++ b/lib/librte_cryptodev/rte_cryptodev.c
> @@ -617,6 +617,8 @@ rte_cryptodev_get_feature_name(uint64_t flag)
> return "SYM_SESSIONLESS";
> case RTE_CRYPTODEV_FF_NON_BYTE_ALIGNED_DATA:
> return "NON_BYTE_ALIGNED_DATA";
> + case RTE_CRYPTODEV_FF_CIPHER_MULTIPLE_DATA_UNITS:
> + return "CIPHER_MULTIPLE_DATA_UNITS";
> default:
> return NULL;
> }
> diff --git a/lib/librte_cryptodev/rte_cryptodev.h
> b/lib/librte_cryptodev/rte_cryptodev.h
> index ae34f33f69..f6972a7d19 100644
> --- a/lib/librte_cryptodev/rte_cryptodev.h
> +++ b/lib/librte_cryptodev/rte_cryptodev.h
> @@ -95,6 +95,15 @@ struct rte_crypto_param_range {
> */
> };
>
> +/**
> + * Data-unit supported lengths of cipher algorithms.
> + * A bit can represent any set of data-unit sizes
> + * (single size, multiple size, range, etc).
> + */
> +#define RTE_CRYPTO_CIPHER_DATA_UNIT_LEN_512_BYTES (1 << 0)
> +#define RTE_CRYPTO_CIPHER_DATA_UNIT_LEN_4096_BYTES (1 << 1)
> +#define RTE_CRYPTO_CIPHER_DATA_UNIT_LEN_1M_BYTES (1 << 2)
1M is irrelevant since datauinit_len is only 16 bits now.
> +
> /**
> * Symmetric Crypto Capability
> */
> @@ -127,6 +136,11 @@ struct rte_cryptodev_symmetric_capability {
> /**< cipher key size range */
> struct rte_crypto_param_range iv_size;
> /**< Initialisation vector data size range */
> + uint32_t dataunit_set;
> + /**<
> + * A bitmap for a set of the supported data-unit
> lengths.
> + * 0 for any length defined in the algorithm standard.
> + */
> } cipher;
> /**< Symmetric Cipher transform capabilities */
> struct {
> @@ -461,6 +475,8 @@ rte_cryptodev_asym_get_xform_enum(enum
> rte_crypto_asym_xform_type *xform_enum, /**< Support operations on data
> which is not byte aligned */
> #define RTE_CRYPTODEV_FF_SYM_RAW_DP (1ULL << 24)
> /**< Support accelerator specific symmetric raw data-path APIs */
> +#define RTE_CRYPTODEV_FF_CIPHER_MULTIPLE_DATA_UNITS (1ULL << 25)
> +/**< Support operations on multiple data-units message */
>
> /**
> * Get the name of a crypto device feature flag
> --
> 2.31.1
