[dpdk-dev] [PATCH v2 0/6] Crypto API and device framework

Declan Doherty declan.doherty at intel.com
Fri Oct 30 13:59:40 CET 2015


This series of patches defines a set of application burst oriented APIs for
asynchronous symmetric cryptographic functions within DPDK. It also contains a
poll mode driver cryptographic device framework for the implementation of
crypto devices within DPDK.

In the patch set we also have included 2 reference implementations of crypto
PMDs. Currently both implementations  support AES128-CBC with
HMAC_SHA1/SHA256/SHA512 authentication operations. The first device is a purely
 software PMD based on Intel's multi-buffer library, which utilises both
AES-NI instructions and vector operations to accelerate crypto operations and
the second PMD utilises Intel's Quick Assist Technology (on DH895xxC) to provide
hardware accelerated crypto operations.

The API set supports two functional modes of operation:

1, A session oriented mode. In this mode the user creates a crypto session
which defines all the immutable data required to perform a particular crypto
operation in advance, including cipher/hash algorithms and operations to be
performed as well as the keys to used etc. The session is then referenced by
the crypto operation data structure which is a data structure specific to each
mbuf. It is contains all mutable data about the cryto operation to be
performed, such as data offsets and lengths into the mbuf's data payload for
cipher and hash operations to be performed.

2, A session-less mode. In this mode the user is able to provision crypto
operations on an mbuf without the need to have a cached session created in
advance, but at the cost of entailing the overhead of calculating
authentication pre-computes and preforming key expansions in-line with the
crypto operation. The crypto xform chain is directly attached to the op struct
in this mode, so the op struct now contains all of the immutable crypto operation
parameters that would be normally set within a session. Once all mutable and
immutable parameters are set the crypto operation data structure can be attached
to the specified mbuf and enqueued on a specified crypto device for processing.

The patch set contains the following features:
- Crypto device APIs and device framework
- Implementation of a software crypto PMD based on multi-buffer library
- Implementation of a hardware crypto PMD baed on Intel QAT(DH895xxC)
- Unit and performance test's which give and example of utilising the crypto API's.
- Sample application which performs crypto operations on the IP payload of the
  packets being forwarded

Current Status:
There is no support for chained mbuf's and as mentioned above the PMD's
have currently implemented support for AES128-CBC/AES256-CBC/AES512-CBC
and HMAC_SHA1/SHA256/SHA512.


v2: 
 - Introduces a new library to support attaching offload operations to a mbuf
 - Remove unused APIs from cryptodev
 - PMD code refactor due to new rte_mbuf_offload structure
 - General bug fixes and code tidy up


Declan Doherty (6):
  cryptodev: Initial DPDK Crypto APIs and device framework release
  mbuf_offload: library to support attaching offloads to a mbuf
  qat_crypto_pmd: Addition of a new QAT DPDK PMD.
  aesni_mb_pmd: Initial implementation of multi buffer based crypto
    device
  app/test: add cryptodev unit and performance tests
  l2fwd-crypto: crypto

 app/test/Makefile                                  |    3 +
 app/test/test.c                                    |   92 +-
 app/test/test.h                                    |   34 +-
 app/test/test_cryptodev.c                          | 1924 ++++++++++++++++++++
 app/test/test_cryptodev.h                          |   68 +
 app/test/test_cryptodev_perf.c                     | 1449 +++++++++++++++
 app/test/test_link_bonding.c                       |    6 +-
 app/test/test_link_bonding_mode4.c                 |    7 +-
 config/common_bsdapp                               |   37 +-
 config/common_linuxapp                             |   36 +-
 doc/api/doxy-api-index.md                          |    1 +
 doc/api/doxy-api.conf                              |    1 +
 doc/guides/cryptodevs/aesni_mb.rst                 |   76 +
 doc/guides/cryptodevs/index.rst                    |   43 +
 doc/guides/cryptodevs/qat.rst                      |  188 ++
 doc/guides/index.rst                               |    1 +
 drivers/Makefile                                   |    1 +
 drivers/crypto/Makefile                            |   38 +
 drivers/crypto/aesni_mb/Makefile                   |   67 +
 drivers/crypto/aesni_mb/aesni_mb_ops.h             |  212 +++
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c         |  790 ++++++++
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c     |  296 +++
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h |  230 +++
 drivers/crypto/aesni_mb/rte_pmd_aesni_version.map  |    3 +
 drivers/crypto/qat/Makefile                        |   63 +
 .../qat/qat_adf/adf_transport_access_macros.h      |  173 ++
 drivers/crypto/qat/qat_adf/icp_qat_fw.h            |  316 ++++
 drivers/crypto/qat/qat_adf/icp_qat_fw_la.h         |  404 ++++
 drivers/crypto/qat/qat_adf/icp_qat_hw.h            |  306 ++++
 drivers/crypto/qat/qat_adf/qat_algs.h              |  125 ++
 drivers/crypto/qat/qat_adf/qat_algs_build_desc.c   |  578 ++++++
 drivers/crypto/qat/qat_crypto.c                    |  547 ++++++
 drivers/crypto/qat/qat_crypto.h                    |  113 ++
 drivers/crypto/qat/qat_logs.h                      |   78 +
 drivers/crypto/qat/qat_qp.c                        |  416 +++++
 drivers/crypto/qat/rte_pmd_qat_version.map         |    3 +
 drivers/crypto/qat/rte_qat_cryptodev.c             |  130 ++
 examples/l2fwd-crypto/Makefile                     |   50 +
 examples/l2fwd-crypto/main.c                       | 1472 +++++++++++++++
 lib/Makefile                                       |    2 +
 lib/librte_cryptodev/Makefile                      |   60 +
 lib/librte_cryptodev/rte_crypto.h                  |  604 ++++++
 lib/librte_cryptodev/rte_cryptodev.c               | 1065 +++++++++++
 lib/librte_cryptodev/rte_cryptodev.h               |  619 +++++++
 lib/librte_cryptodev/rte_cryptodev_pmd.h           |  529 ++++++
 lib/librte_cryptodev/rte_cryptodev_version.map     |   41 +
 lib/librte_eal/common/include/rte_common.h         |   15 +
 lib/librte_eal/common/include/rte_eal.h            |   14 +
 lib/librte_eal/common/include/rte_log.h            |    1 +
 lib/librte_eal/common/include/rte_memory.h         |   14 +-
 lib/librte_ether/rte_ethdev.c                      |   30 -
 lib/librte_mbuf/rte_mbuf.h                         |   36 +-
 lib/librte_mbuf_offload/Makefile                   |   52 +
 lib/librte_mbuf_offload/rte_mbuf_offload.c         |  100 +
 lib/librte_mbuf_offload/rte_mbuf_offload.h         |  289 +++
 .../rte_mbuf_offload_version.map                   |    7 +
 mk/rte.app.mk                                      |    9 +
 57 files changed, 13784 insertions(+), 80 deletions(-)
 create mode 100644 app/test/test_cryptodev.c
 create mode 100644 app/test/test_cryptodev.h
 create mode 100644 app/test/test_cryptodev_perf.c
 create mode 100644 doc/guides/cryptodevs/aesni_mb.rst
 create mode 100644 doc/guides/cryptodevs/index.rst
 create mode 100644 doc/guides/cryptodevs/qat.rst
 create mode 100644 drivers/crypto/Makefile
 create mode 100644 drivers/crypto/aesni_mb/Makefile
 create mode 100644 drivers/crypto/aesni_mb/aesni_mb_ops.h
 create mode 100644 drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
 create mode 100644 drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
 create mode 100644 drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h
 create mode 100644 drivers/crypto/aesni_mb/rte_pmd_aesni_version.map
 create mode 100644 drivers/crypto/qat/Makefile
 create mode 100644 drivers/crypto/qat/qat_adf/adf_transport_access_macros.h
 create mode 100644 drivers/crypto/qat/qat_adf/icp_qat_fw.h
 create mode 100644 drivers/crypto/qat/qat_adf/icp_qat_fw_la.h
 create mode 100644 drivers/crypto/qat/qat_adf/icp_qat_hw.h
 create mode 100644 drivers/crypto/qat/qat_adf/qat_algs.h
 create mode 100644 drivers/crypto/qat/qat_adf/qat_algs_build_desc.c
 create mode 100644 drivers/crypto/qat/qat_crypto.c
 create mode 100644 drivers/crypto/qat/qat_crypto.h
 create mode 100644 drivers/crypto/qat/qat_logs.h
 create mode 100644 drivers/crypto/qat/qat_qp.c
 create mode 100644 drivers/crypto/qat/rte_pmd_qat_version.map
 create mode 100644 drivers/crypto/qat/rte_qat_cryptodev.c
 create mode 100644 examples/l2fwd-crypto/Makefile
 create mode 100644 examples/l2fwd-crypto/main.c
 create mode 100644 lib/librte_cryptodev/Makefile
 create mode 100644 lib/librte_cryptodev/rte_crypto.h
 create mode 100644 lib/librte_cryptodev/rte_cryptodev.c
 create mode 100644 lib/librte_cryptodev/rte_cryptodev.h
 create mode 100644 lib/librte_cryptodev/rte_cryptodev_pmd.h
 create mode 100644 lib/librte_cryptodev/rte_cryptodev_version.map
 create mode 100644 lib/librte_mbuf_offload/Makefile
 create mode 100644 lib/librte_mbuf_offload/rte_mbuf_offload.c
 create mode 100644 lib/librte_mbuf_offload/rte_mbuf_offload.h
 create mode 100644 lib/librte_mbuf_offload/rte_mbuf_offload_version.map

-- 
2.4.3



More information about the dev mailing list