On 12 January 2017 at 21:12, Zbigniew Bodek
<zbigniew.bo...@caviumnetworks.com> wrote:
> Hello Jianbo Liu,
>
> Thanks for the review. Please check my answers in-line.
>
> Kind regards
> Zbigniew
>
>
> On 06.01.2017 03:45, Jianbo Liu wrote:
>>
>> On 5 January 2017 at 01:33, <zbigniew.bo...@caviumnetworks.com> wrote:
>>>
>>> From: Zbigniew Bodek <zbigniew.bo...@caviumnetworks.com>
>>>
>>> This patch introduces crypto poll mode driver
>>> using ARMv8 cryptographic extensions.
>>> CPU compatibility with this driver is detected in
>>> run-time and virtual crypto device will not be
>>> created if CPU doesn't provide:
>>> AES, SHA1, SHA2 and NEON.
>>>
>>> This PMD is optimized to provide performance boost
>>> for chained crypto operations processing,
>>> such as encryption + HMAC generation,
>>> decryption + HMAC validation. In particular,
>>> cipher only or hash only operations are
>>> not provided.
>>>
>>> The driver currently supports AES-128-CBC
>>> in combination with: SHA256 HMAC and SHA1 HMAC
>>> and relies on the external armv8_crypto library:
>>> https://github.com/caviumnetworks/armv8_crypto
>>>
>>
>> It's standalone lib. I think you should change the following line in
>> its Makefile, so not depend on DPDK.
>> "include $(RTE_SDK)/mk/rte.lib.mk"
>>
>>> This patch adds driver's code only and does
>>> not include it in the build system.
>>>
>>> Signed-off-by: Zbigniew Bodek <zbigniew.bo...@caviumnetworks.com>
>>> ---
>>> drivers/crypto/armv8/Makefile | 73 ++
>>> drivers/crypto/armv8/rte_armv8_pmd.c | 926
>>> +++++++++++++++++++++++++
>>> drivers/crypto/armv8/rte_armv8_pmd_ops.c | 369 ++++++++++
>>> drivers/crypto/armv8/rte_armv8_pmd_private.h | 211 ++++++
>>> drivers/crypto/armv8/rte_armv8_pmd_version.map | 3 +
>>> 5 files changed, 1582 insertions(+)
>>> create mode 100644 drivers/crypto/armv8/Makefile
>>> create mode 100644 drivers/crypto/armv8/rte_armv8_pmd.c
>>> create mode 100644 drivers/crypto/armv8/rte_armv8_pmd_ops.c
>>> create mode 100644 drivers/crypto/armv8/rte_armv8_pmd_private.h
>>> create mode 100644 drivers/crypto/armv8/rte_armv8_pmd_version.map
>>>
.....
>>> + /* Select auth algo */
>>> + switch (auth_xform->auth.algo) {
>>> + /* Cover supported hash algorithms */
>>> + case RTE_CRYPTO_AUTH_SHA256:
>>> + aalg = auth_xform->auth.algo;
>>> + sess->auth.mode = ARMV8_CRYPTO_AUTH_AS_AUTH;
>>> + break;
>>> + case RTE_CRYPTO_AUTH_SHA1_HMAC:
>>> + case RTE_CRYPTO_AUTH_SHA256_HMAC: /* Fall through */
>>> + aalg = auth_xform->auth.algo;
>>> + sess->auth.mode = ARMV8_CRYPTO_AUTH_AS_HMAC;
>>> + break;
>>> + default:
>>> + return -EINVAL;
>>> + }
>>> +
>>> + /* Verify supported key lengths and extract proper algorithm */
>>> + switch (cipher_xform->cipher.key.length << 3) {
>>> + case 128:
>>> + sess->crypto_func =
>>> + CRYPTO_GET_ALGO(order, cop, calg, aalg,
>>> 128);
>>> + sess->cipher.key_sched =
>>> + CRYPTO_GET_KEY_SCHED(cop, calg, 128);
>>> + break;
>>> + case 192:
>>> + sess->crypto_func =
>>> + CRYPTO_GET_ALGO(order, cop, calg, aalg,
>>> 192);
>>> + sess->cipher.key_sched =
>>> + CRYPTO_GET_KEY_SCHED(cop, calg, 192);
>>> + break;
>>> + case 256:
>>> + sess->crypto_func =
>>> + CRYPTO_GET_ALGO(order, cop, calg, aalg,
>>> 256);
>>> + sess->cipher.key_sched =
>>> + CRYPTO_GET_KEY_SCHED(cop, calg, 256);
>>> + break;
>>> + default:
>>> + sess->crypto_func = NULL;
>>> + sess->cipher.key_sched = NULL;
>>> + return -EINVAL;
>>> + }
>>> +
>>> + if (unlikely(sess->crypto_func == NULL)) {
>>> + /*
>>> + * If we got here that means that there must be a bug
>>
>>
>> Since AES-128-CBC is only supported in your patch. It means that
>> crypto_func could be NULL according to the switch above if
>> cipher.key.length > 128?
>
>
> Yes. Instead of checking for key lengths in a similar way that we check for
> algorithms, etc. we just fail when we don't find appropriate function. Do
> you suggest that this should be changed?
>
I mean to return error directly if length is not 128 in the above
switch, so this "if" is no necessary.
>
>>
>>> + * in the algorithms selection above. Nevertheless keep
>>> + * it here to catch bug immediately and avoid NULL
>>> pointer
>>> + * dereference in OPs processing.
>>> + */
>>> + ARMV8_CRYPTO_LOG_ERR(
>>> + "No appropriate crypto function for given
>>> parameters");
>>> + return -EINVAL;
>>> + }
>>> +
>>> + /* Set up cipher session prerequisites */
>>> + if (cipher_set_prerequisites(sess, cipher_xform) != 0)
>>> + return -EINVAL;
>>> +
>>> + /* Set up authentication session prerequisites */
>>> + if (auth_set_prerequisites(sess, auth_xform) != 0)
>>> + return -EINVAL;
>>> +
>>> + return 0;
>>> +}
>>> +
>>
>>
>> ....
>>
>>> diff --git a/drivers/crypto/armv8/rte_armv8_pmd_ops.c
>>> b/drivers/crypto/armv8/rte_armv8_pmd_ops.c
>>> new file mode 100644
>>> index 0000000..2bf6475
>>> --- /dev/null
>>> +++ b/drivers/crypto/armv8/rte_armv8_pmd_ops.c
>>> @@ -0,0 +1,369 @@
>>> +/*
>>> + * BSD LICENSE
>>> + *
>>> + * Copyright (C) Cavium networks Ltd. 2017.
>>> + *
>>> + * Redistribution and use in source and binary forms, with or without
>>> + * modification, are permitted provided that the following conditions
>>> + * are met:
>>> + *
>>> + * * Redistributions of source code must retain the above copyright
>>> + * notice, this list of conditions and the following disclaimer.
>>> + * * Redistributions in binary form must reproduce the above
>>> copyright
>>> + * notice, this list of conditions and the following disclaimer in
>>> + * the documentation and/or other materials provided with the
>>> + * distribution.
>>> + * * Neither the name of Cavium networks nor the names of its
>>> + * contributors may be used to endorse or promote products derived
>>> + * from this software without specific prior written permission.
>>> + *
>>> + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
>>> + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
>>> + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
>>> FOR
>>> + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
>>> COPYRIGHT
>>> + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
>>> INCIDENTAL,
>>> + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
>>> + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
>>> USE,
>>> + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
>>> ANY
>>> + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
>>> + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
>>> USE
>>> + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
>>> DAMAGE.
>>> + */
>>> +
>>> +#include <string.h>
>>> +
>>> +#include <rte_common.h>
>>> +#include <rte_malloc.h>
>>> +#include <rte_cryptodev_pmd.h>
>>> +
>>> +#include "armv8_crypto_defs.h"
>>> +
>>> +#include "rte_armv8_pmd_private.h"
>>> +
>>> +static const struct rte_cryptodev_capabilities
>>> + armv8_crypto_pmd_capabilities[] = {
>>> + { /* SHA1 HMAC */
>>> + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
>>> + {.sym = {
>>> + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
>>> + {.auth = {
>>> + .algo =
>>> RTE_CRYPTO_AUTH_SHA1_HMAC,
>>> + .block_size = 64,
>>> + .key_size = {
>>> + .min = 16,
>>> + .max = 128,
>>> + .increment = 0
>>> + },
>>> + .digest_size = {
>>> + .min = 20,
>>> + .max = 20,
>>> + .increment = 0
>>> + },
>>> + .aad_size = { 0 }
>>> + }, }
>>> + }, }
>>> + },
>>> + { /* SHA256 HMAC */
>>> + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
>>> + {.sym = {
>>> + .xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
>>> + {.auth = {
>>> + .algo =
>>> RTE_CRYPTO_AUTH_SHA256_HMAC,
>>> + .block_size = 64,
>>> + .key_size = {
>>> + .min = 16,
>>> + .max = 128,
>>> + .increment = 0
>>> + },
>>> + .digest_size = {
>>> + .min = 32,
>>> + .max = 32,
>>> + .increment = 0
>>> + },
>>> + .aad_size = { 0 }
>>> + }, }
>>> + }, }
>>> + },
>>> + { /* AES CBC */
>>> + .op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
>>> + {.sym = {
>>> + .xform_type =
>>> RTE_CRYPTO_SYM_XFORM_CIPHER,
>>> + {.cipher = {
>>> + .algo =
>>> RTE_CRYPTO_CIPHER_AES_CBC,
>>> + .block_size = 16,
>>> + .key_size = {
>>> + .min = 16,
>>> + .max = 16,
>>> + .increment = 0
>>> + },
>>> + .iv_size = {
>>> + .min = 16,
>>> + .max = 16,
>>> + .increment = 0
>>> + }
>>> + }, }
>>> + }, }
>>> + },
>>> +
>>
>>
>> It's strange that you defined aes and hmac here, but not implemented
>> them, though their combinations are implemented.
>> Will you add later?
>
>
> We may add standalone algorithms in the future but those ops here are not
> for that purpose. I thought that since there is no chained operations
> capability we should export what we can do even though that it will work
> (mean not return error) only if the operations are chained.
> Do you have some other suggestion?
>
Nothing special. Either implement them later, or add new chained ops
(is that possible?)
BTW, can you explain what optimization you have done, so I can better
understand your asm code, thanks!
>
>>
>>> + RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
>>> +};
>>> +
>>> +
