On 6/26/2017 3:52 PM, Pablo de Lara wrote:
This patchset attempts to correct and improve the current crypto operation (rte_crypto_op) and symmetric crypto operation (rte_crypto_sym_op) structures, shrinking their sizes to fit both structures into two 64-byte cache lines (with extra space for the IV and other user data) as one of the goals.It also introduces new AEAD algorithm specific parameters, to simplify its setup with a single transform, instead of a concatenation of a cipher and an authentication transform. The following changes are made: In rte_crypto_op: - Moved session type (with session/sessionless) from symmetric op to crypto op, as this could be used for other types - Combined operation type, operation status and session type into a 64-bit flag (each one taking 1 byte), instead of having enums taking 4 bytes each - Removed opaque data from crypto operation, as private data can be allocated just after the symmetric (or other type) crypto operation - Modified symmetric operation pointer to zero-array, as the symmetric op should be always after the crypto operation - Removed unnecessary cache alignment In rte_crypto_sym_xform: - Added IV length and offset in sym_xform, so these will be fixed for all the operations in a session - Added a new AEAD transform - Added IV for authentication and AEAD transforms - Removed AAD length from authentication transform, as it is only used for AEAD algorithms In rte_crypto_sym_op: - Removed IV parameters, which will be only in the session. - Added AEAD specific parameters. - Create union with the new AEAD parameters and the cipher/authentication parameters, as the three cannot be used at the same time - Removed digest length from sym crypto op, so this length will be fixed for all the operations in a session - Removed AAD length from sym crypto op, so this length will be fixed for all operations in a session - Removed AAD from authentication structure, as it is only used for AEAD algorithms - Added zero-array at the end of sym crypto op to be used to get extra allocated memory (IV + other user data) In terms of algorithm usage: - AEAD algorithms (like AES-GCM) are set up only using the AEAD structure - AES GMAC will be an authentication only algorithm, using the source buffer directly, instead of AAD field - Wireless algorithms (like SNOW3G) do not use AAD field for authentication IV anymore, as this is available now. Finally, a comparison between the previous operation and the new operation: Previous rte_crypto_op (40 bytes) and rte_crypto_sym_op (114 bytes) structures: struct rte_crypto_op { enum rte_crypto_op_type type; enum rte_crypto_op_status status; struct rte_mempool *mempool; phys_addr_t phys_addr; void *opaque_data; union { struct rte_crypto_sym_op *sym; }; } __rte_cache_aligned; struct rte_crypto_sym_op { struct rte_mbuf *m_src; struct rte_mbuf *m_dst; enum rte_crypto_sym_op_sess_type sess_type; RTE_STD_C11 union { struct rte_cryptodev_sym_session *session; struct rte_crypto_sym_xform *xform; }; struct { struct { uint32_t offset; uint32_t length; } data; struct { uint8_t *data; phys_addr_t phys_addr; uint16_t length; } iv; } cipher; struct { struct { uint32_t offset; uint32_t length; } data; struct { uint8_t *data; phys_addr_t phys_addr; uint16_t length; } digest; /**< Digest parameters */ struct { uint8_t *data; phys_addr_t phys_addr; uint16_t length; } aad; } auth; } __rte_cache_aligned; New rte_crypto_op (24 bytes) and rte_crypto_sym_op (72 bytes) structures: struct rte_crypto_op { uint64_t type: 8; uint64_t status: 8; uint64_t sess_type: 8; struct rte_mempool *mempool; phys_addr_t phys_addr; RTE_STD_C11 union { struct rte_crypto_sym_op sym[0]; }; } __rte_cache_aligned; struct rte_crypto_sym_op { struct rte_mbuf *m_src; struct rte_mbuf *m_dst; union { struct rte_cryptodev_sym_session *session; /**< Handle for the initialised session context */ struct rte_crypto_sym_xform *xform; /**< Session-less API Crypto operation parameters */ }; union { struct { struct { uint32_t offset; uint32_t length; } data; /**< Data offsets and length for AEAD */ struct { uint8_t *data; phys_addr_t phys_addr; } digest; /**< Digest parameters */ struct { uint8_t *data; phys_addr_t phys_addr; } aad; /**< Additional authentication parameters */ } aead; struct { struct { struct { uint32_t offset; uint32_t length; } data; /**< Data offsets and length for ciphering */ } cipher; struct { struct { uint32_t offset; uint32_t length; } data; /**< Data offsets and length for authentication */ struct { uint8_t *data; phys_addr_t phys_addr; } digest; /**< Digest parameters */ } auth; }; }; }; Changes in v2: - Added AEAD structures - Added authentication IV (used for AES-GMAC and wireless algorithms) - Modified all applications with the changes - Modified all drivers with the changes - Moved AAD length to the crypto session - Rebased against latest dpdk-next-crypto - Added documentation changes Pablo de Lara (27): cryptodev: move session type to generic crypto op cryptodev: replace enums with 1-byte variables cryptodev: remove opaque data pointer in crypto op cryptodev: do not store pointer to op specific params cryptodev: remove useless alignment cryptodev: add crypto op helper macros crypto/qat: fix KASUMI authentication test/crypto: move IV to crypto op private data test/crypto-perf: move IV to crypto op private data app/crypto-perf: move IV to crypto op private data examples/l2fwd-crypto: move IV to crypto op private data examples/ipsec-secgw: move IV to crypto op private data cryptodev: pass IV as offset cryptodev: move IV parameters to crypto session cryptodev: add auth IV cryptodev: do not use AAD in wireless algorithms cryptodev: remove AAD length from crypto op cryptodev: remove digest length from crypto op cryptodev: set AES-GMAC as auth-only algo cryptodev: add AEAD specific data cryptodev: add AEAD parameters in crypto operation examples/l2fwd-crypto: avoid too many tabs app/test-crypto-perf: add AEAD parameters examples/ipsec-secgw: add AEAD parameters examples/l2fwd-crypto: add AEAD parameters cryptodev: use AES-GCM/CCM as AEAD algorithms cryptodev: remove AAD from authentication structure app/test-crypto-perf/cperf_ops.c | 215 ++-- app/test-crypto-perf/cperf_ops.h | 6 +- app/test-crypto-perf/cperf_options.h | 24 +- app/test-crypto-perf/cperf_options_parsing.c | 148 ++- app/test-crypto-perf/cperf_test_latency.c | 59 +- app/test-crypto-perf/cperf_test_throughput.c | 24 +- app/test-crypto-perf/cperf_test_vector_parsing.c | 67 +- app/test-crypto-perf/cperf_test_vectors.c | 140 ++- app/test-crypto-perf/cperf_test_vectors.h | 20 +- app/test-crypto-perf/cperf_test_verify.c | 25 +- app/test-crypto-perf/data/aes_cbc_128_sha.data | 2 +- app/test-crypto-perf/data/aes_cbc_192_sha.data | 2 +- app/test-crypto-perf/data/aes_cbc_256_sha.data | 2 +- app/test-crypto-perf/main.c | 61 +- doc/guides/prog_guide/cryptodev_lib.rst | 107 +- doc/guides/prog_guide/img/crypto_xform_chain.svg | 8 +- doc/guides/rel_notes/release_17_08.rst | 36 + doc/guides/sample_app_ug/ipsec_secgw.rst | 43 +- doc/guides/sample_app_ug/l2_forward_crypto.rst | 41 +- doc/guides/tools/cryptoperf.rst | 50 +- drivers/crypto/aesni_gcm/aesni_gcm_pmd.c | 260 +++-- drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c | 32 +- drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h | 13 +- drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 16 +- drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 21 +- drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h | 5 + drivers/crypto/armv8/rte_armv8_pmd.c | 26 +- drivers/crypto/armv8/rte_armv8_pmd_ops.c | 6 +- drivers/crypto/armv8/rte_armv8_pmd_private.h | 9 +- drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 87 +- drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h | 25 +- drivers/crypto/kasumi/rte_kasumi_pmd.c | 88 +- drivers/crypto/kasumi/rte_kasumi_pmd_ops.c | 5 +- drivers/crypto/kasumi/rte_kasumi_pmd_private.h | 2 + drivers/crypto/null/null_crypto_pmd.c | 15 +- drivers/crypto/null/null_crypto_pmd_ops.c | 9 +- drivers/crypto/openssl/rte_openssl_pmd.c | 209 +++- drivers/crypto/openssl/rte_openssl_pmd_ops.c | 103 +- drivers/crypto/openssl/rte_openssl_pmd_private.h | 14 + drivers/crypto/qat/qat_adf/qat_algs.h | 9 + drivers/crypto/qat/qat_adf/qat_algs_build_desc.c | 7 +- drivers/crypto/qat/qat_crypto.c | 372 +++++-- drivers/crypto/qat/qat_crypto.h | 4 + drivers/crypto/qat/qat_crypto_capabilities.h | 82 +- drivers/crypto/snow3g/rte_snow3g_pmd.c | 79 +- drivers/crypto/snow3g/rte_snow3g_pmd_ops.c | 5 +- drivers/crypto/snow3g/rte_snow3g_pmd_private.h | 2 + drivers/crypto/zuc/rte_zuc_pmd.c | 63 +- drivers/crypto/zuc/rte_zuc_pmd_ops.c | 7 +- drivers/crypto/zuc/rte_zuc_pmd_private.h | 2 + examples/ipsec-secgw/esp.c | 243 ++-- examples/ipsec-secgw/ipsec.c | 1 - examples/ipsec-secgw/ipsec.h | 6 +- examples/ipsec-secgw/sa.c | 285 +++-- examples/l2fwd-crypto/main.c | 721 +++++++++--- lib/librte_cryptodev/rte_crypto.h | 37 +- lib/librte_cryptodev/rte_crypto_sym.h | 618 +++++----- lib/librte_cryptodev/rte_cryptodev.c | 71 +- lib/librte_cryptodev/rte_cryptodev.h | 90 +- lib/librte_cryptodev/rte_cryptodev_version.map | 10 + test/test/test_cryptodev.c | 1176 ++++++++------------ test/test/test_cryptodev.h | 6 + test/test/test_cryptodev_blockcipher.c | 35 +- test/test/test_cryptodev_gcm_test_vectors.h | 29 +- .../test/test_cryptodev_kasumi_hash_test_vectors.h | 16 +- test/test/test_cryptodev_kasumi_test_vectors.h | 20 +- test/test/test_cryptodev_perf.c | 673 +++++------ .../test/test_cryptodev_snow3g_hash_test_vectors.h | 14 +- test/test/test_cryptodev_snow3g_test_vectors.h | 24 +- test/test/test_cryptodev_zuc_test_vectors.h | 38 +- 70 files changed, 4042 insertions(+), 2728 deletions(-)
Acked-by: Akhil Goyal <[email protected]>
