[dpdk-dev] [PATCH 2/4] crypto/dpaa_sec: add crypto driver for NXP DPAA platform

Akhil Goyal akhil.goyal at nxp.com
Tue Oct 3 10:45:14 CEST 2017
Previous message: [dpdk-dev] [dpdk-stable] [PATCH] net/sfc: add device state check to reta update operation
Next message: [dpdk-dev] [PATCH 3/4] test/crypto: add dpaa crypto test cases
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi Pablo,

On 9/18/2017 11:41 PM, De Lara Guarch, Pablo wrote:
> 
> 
>> -----Original Message-----
>> From: Akhil Goyal [mailto:akhil.goyal at nxp.com]
>> Sent: Thursday, August 24, 2017 1:01 AM
>> To: dev at dpdk.org; De Lara Guarch, Pablo
>> <pablo.de.lara.guarch at intel.com>
>> Cc: Doherty, Declan <declan.doherty at intel.com>; Mcnamara, John
>> <john.mcnamara at intel.com>; hemant.agrawal at nxp.com; Akhil Goyal
>> <akhil.goyal at nxp.com>
>> Subject: [PATCH 2/4] crypto/dpaa_sec: add crypto driver for NXP DPAA
>> platform
>>
>> Signed-off-by: Forrest Shi <xuelin.shi at nxp.com>
>> Signed-off-by: Akhil Goyal <akhil.goyal at nxp.com>
>> Signed-off-by: Hemant Agrawal <hemant.agrawal at nxp.com>
>> ---
>>   MAINTAINERS                                        |    5 +
>>   config/common_base                                 |    8 +
>>   config/defconfig_arm64-dpaa-linuxapp-gcc           |   14 +
>>   drivers/Makefile                                   |    2 +-
>>   drivers/crypto/Makefile                            |    2 +
>>   drivers/crypto/dpaa_sec/Makefile                   |   71 +
>>   drivers/crypto/dpaa_sec/dpaa_sec.c                 | 1552
>> ++++++++++++++++++++
>>   drivers/crypto/dpaa_sec/dpaa_sec.h                 |  403 +++++
>>   drivers/crypto/dpaa_sec/dpaa_sec_log.h             |   70 +
>>   .../crypto/dpaa_sec/rte_pmd_dpaa_sec_version.map   |    4 +
>>   mk/rte.app.mk                                      |    6 +
>>   11 files changed, 2136 insertions(+), 1 deletion(-)
>>   create mode 100644 drivers/crypto/dpaa_sec/Makefile
>>   create mode 100644 drivers/crypto/dpaa_sec/dpaa_sec.c
>>   create mode 100644 drivers/crypto/dpaa_sec/dpaa_sec.h
>>   create mode 100644 drivers/crypto/dpaa_sec/dpaa_sec_log.h
>>   create mode 100644
>> drivers/crypto/dpaa_sec/rte_pmd_dpaa_sec_version.map
>>
>> diff --git a/MAINTAINERS b/MAINTAINERS
>> index 48afbfc..24b3b41 100644
> 
> ...
> 
>> +
>> +include $(RTE_SDK)/mk/rte.lib.mk
>> diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c
>> b/drivers/crypto/dpaa_sec/dpaa_sec.c
>> new file mode 100644
>> index 0000000..c8f8be9
>> --- /dev/null
>> +++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
>> @@ -0,0 +1,1552 @@
>> +/*-
>> + *   BSD LICENSE
>> + *
> 
> ...
> 
>> +
>> +static inline struct dpaa_sec_op_ctx *
>> +dpaa_sec_alloc_ctx(dpaa_sec_session *ses)
>> +{
>> +	struct dpaa_sec_op_ctx *ctx;
>> +	int retval;
>> +
>> +	retval = rte_mempool_get(ses->ctx_pool, (void **)(&ctx));
>> +	if (!ctx || retval) {
>> +		PMD_TX_LOG(ERR, "Alloc sec descriptor failed!");
>> +		return NULL;
>> +	}
>> +	dcbz_64(&ctx->job.sg[0]);
>> +	dcbz_64(&ctx->job.sg[5]);
>> +	dcbz_64(&ctx->job.sg[9]);
>> +	dcbz_64(&ctx->job.sg[13]);
> 
> Are these numbers ok? First, you should define macros for them, but it looks strange
> that there is a gap of 5 between the first and the second, and the rest has a gap of 4.
> 
>> +
>> +	ctx->ctx_pool = ses->ctx_pool;
>> +
>> +	return ctx;
>> +}
>> +
> 
> ...
> 
>> +/* prepare command block of the session */
>> +static int
>> +dpaa_sec_prep_cdb(dpaa_sec_session *ses)
>> +{
>> +	struct alginfo alginfo_c = {0}, alginfo_a = {0}, alginfo = {0};
>> +	uint32_t shared_desc_len = 0;
>> +	struct sec_cdb *cdb = &ses->qp->cdb;
>> +	int err;
>> +#if RTE_BYTE_ORDER == RTE_BIG_ENDIAN
>> +	int swap = false;
>> +#else
>> +	int swap = true;
>> +#endif
>> +
>> +	memset(cdb, 0, sizeof(struct sec_cdb));
>> +
>> +	if (is_cipher_only(ses)) {
>> +		caam_cipher_alg(ses, &alginfo_c);
>> +		if (alginfo_c.algtype == (unsigned
>> int)DPAA_SEC_ALG_UNSUPPORT) {
>> +			PMD_TX_LOG(ERR, "not supported cipher alg\n");
>> +			return -1;
> 
> You could use -ENOTSUP, instead of -1.
> I also checked that this function is called, but the return value is not verified,
> so either check it when calling it, or change the return type to "void".
> 
>> +		}
>> +
>> +		alginfo_c.key = (uint64_t)ses->cipher_key.data;
>> +		alginfo_c.keylen = ses->cipher_key.length;
>> +		alginfo_c.key_enc_flags = 0;
>> +		alginfo_c.key_type = RTA_DATA_IMM;
>> +
>> +		shared_desc_len = cnstr_shdsc_blkcipher(
>> +						cdb->sh_desc, true,
>> +						swap, &alginfo_c,
>> +						NULL,
>> +						ses->iv.length,
>> +						ses->dir);
> 
> ...
> 
>> +static uint16_t
>> +dpaa_sec_enqueue_burst(void *qp, struct rte_crypto_op **ops,
>> +		       uint16_t nb_ops)
>> +{
>> +	/* Function to transmit the frames to given device and queuepair */
>> +	uint32_t loop;
>> +	int32_t ret;
>> +	struct dpaa_sec_qp *dpaa_qp = (struct dpaa_sec_qp *)qp;
>> +	uint16_t num_tx = 0;
>> +
>> +	if (unlikely(nb_ops == 0))
>> +		return 0;
>> +
>> +	if (ops[0]->sess_type != RTE_CRYPTO_OP_WITH_SESSION) {
>> +		PMD_TX_LOG(ERR, "sessionless crypto op not supported");
>> +		return 0;
>> +	}
> 
> Each operation is independent from the other ones, so that means that some operations
> could have a session, while others not. Shouldn't you check each operation?
>> +
>> +	/*Prepare each packet which is to be sent*/
>> +	for (loop = 0; loop < nb_ops; loop++) {
>> +		ret = dpaa_sec_enqueue_op(ops[loop], dpaa_qp);
>> +		if (!ret)
>> +			num_tx++;
>> +	}
>> +	dpaa_qp->tx_pkts += num_tx;
>> +	dpaa_qp->tx_errs += nb_ops - num_tx;
>> +
>> +	return num_tx;
>> +}
>> +
> 
> ...
> 
>> +/** Release queue pair */
>> +static int
>> +dpaa_sec_queue_pair_release(struct rte_cryptodev *dev,
>> +			    uint16_t qp_id)
>> +{
>> +	struct dpaa_sec_dev_private *internals;
>> +	struct dpaa_sec_qp *qp = NULL;
>> +
>> +	PMD_INIT_FUNC_TRACE();
>> +
>> +	PMD_INIT_LOG(DEBUG, "dev =%p, queue =%d", dev, qp_id);
>> +
>> +	internals = dev->data->dev_private;
>> +	if (qp_id >= internals->max_nb_queue_pairs) {
>> +		PMD_INIT_LOG(ERR, "Max supported qpid %d",
>> +			     internals->max_nb_queue_pairs);
>> +		return -1;
>> +	}
> 
> Better to return -EINVAL.
> 
>> +
>> +	qp = &internals->qps[qp_id];
>> +	qp->internals = NULL;
>> +	dev->data->queue_pairs[qp_id] = NULL;
>> +
>> +	return 0;
>> +}
>> +
>> +/** Setup a queue pair */
>> +static int
>> +dpaa_sec_queue_pair_setup(struct rte_cryptodev *dev, uint16_t qp_id,
>> +		__rte_unused const struct rte_cryptodev_qp_conf
>> *qp_conf,
>> +		__rte_unused int socket_id,
>> +		__rte_unused struct rte_mempool *session_pool)
>> +{
>> +	struct dpaa_sec_dev_private *internals;
>> +	struct dpaa_sec_qp *qp = NULL;
>> +
>> +	PMD_INIT_LOG(DEBUG, "dev =%p, queue =%d, conf =%p",
>> +		     dev, qp_id, qp_conf);
>> +
>> +	internals = dev->data->dev_private;
>> +	if (qp_id >= internals->max_nb_queue_pairs) {
>> +		PMD_INIT_LOG(ERR, "Max supported qpid %d",
>> +			     internals->max_nb_queue_pairs);
>> +		return -1;
>> +	}
> 
> Better to return -EINVAL.
> 
>> +
>> +	qp = &internals->qps[qp_id];
>> +	qp->internals = internals;
>> +	dev->data->queue_pairs[qp_id] = qp;
>> +
>> +	return 0;
>> +}
>> +
> 
> ...
> 
> 
>> +static
>> +void dpaa_sec_stats_get(struct rte_cryptodev *dev __rte_unused,
>> +			struct rte_cryptodev_stats *stats __rte_unused)
> 
> "static void" should be in the same line. Anyway, if this function is not going to be implemented,
> then it is probably better to just remove it, so when rte_cryptodev_stats_get() gets called,
> it will return -ENOTSUP, as the PMD does not actually support this. Same for the next function.
> 
>> +{
>> +	PMD_INIT_FUNC_TRACE();
>> +	/* -ENOTSUP; */
>> +}
>> +
>> +static
>> +void dpaa_sec_stats_reset(struct rte_cryptodev *dev __rte_unused)
>> +{
>> +	PMD_INIT_FUNC_TRACE();
>> +	/* -ENOTSUP; */
>> +}
>> +
> 
> ...
> 
>> diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.h
>> b/drivers/crypto/dpaa_sec/dpaa_sec.h
>> new file mode 100644
>> index 0000000..2677f8b
>> --- /dev/null
>> +++ b/drivers/crypto/dpaa_sec/dpaa_sec.h
>> @@ -0,0 +1,403 @@
> 
> ...
> 
>> +static const struct rte_cryptodev_capabilities dpaa_sec_capabilities[] = {
>> +	{	/* MD5 HMAC */
>> +		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
>> +		{.sym = {
>> +			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
>> +			{.auth = {
>> +				.algo = RTE_CRYPTO_AUTH_MD5_HMAC,
>> +				.block_size = 64,
>> +				.key_size = {
>> +					.min = 1,
>> +					.max = 64,
>> +					.increment = 1
>> +				},
>> +				.digest_size = {
>> +					.min = 16,
>> +					.max = 16,
>> +					.increment = 0
>> +				},
>> +				.aad_size = { 0 }
> 
> No need to include aad_size here, as it is only applicable to AEAD algorithms.
> I just realized that this was left after the rework done in 17.08.
> Unfortunately, removing it will be an API change, so it will not be removed at least until 18.02.
> As it is not used, we should remove it from here, to avoid confusion.
> 
>> +			}, }
>> +		}, }
>> +	},
> 
> ...
> 
>> +	{	/* SHA256 HMAC */
>> +		.op = RTE_CRYPTO_OP_TYPE_SYMMETRIC,
>> +		{.sym = {
>> +			.xform_type = RTE_CRYPTO_SYM_XFORM_AUTH,
>> +			{.auth = {
>> +				.algo = RTE_CRYPTO_AUTH_SHA256_HMAC,
>> +				.block_size = 64,
>> +				.key_size = {
>> +					.min = 1,
>> +					.max = 64,
>> +					.increment = 1
>> +				},
>> +				.digest_size = {
>> +						.min = 32,
>> +						.max = 32,
>> +						.increment = 0
>> +					},
> 
> Unnecessary extra tab.
> 
>> +					.aad_size = { 0 }
>> +				}, }
>> +			}, }
> 
> 
Thanks for your comments. I would incorporate all the comments in my v2.

-Akhil
Previous message: [dpdk-dev] [dpdk-stable] [PATCH] net/sfc: add device state check to reta update operation
Next message: [dpdk-dev] [PATCH 3/4] test/crypto: add dpaa crypto test cases
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the dev mailing list