[dpdk-dev] [PATCH v3 0/8] crypto/security session framework rework

[Hemant Agrawal]

Series-
Acked-by:  Hemant Agrawal <hemant.agrawal at nxp.com>


> -----Original Message-----
> From: dev <dev-bounces at dpdk.org> On Behalf Of Akhil Goyal
> Sent: Tuesday, October 19, 2021 3:05 AM
> To: dev at dpdk.org
> Cc: thomas at monjalon.net; david.marchand at redhat.com; Hemant Agrawal
> <hemant.agrawal at nxp.com>; anoobj at marvell.com;
> pablo.de.lara.guarch at intel.com; fiona.trahe at intel.com;
> declan.doherty at intel.com; matan at nvidia.com; Gagandeep Singh
> <G.Singh at nxp.com>; roy.fan.zhang at intel.com; jianjay.zhou at huawei.com;
> asomalap at amd.com; ruifeng.wang at arm.com;
> konstantin.ananyev at intel.com; radu.nicolau at intel.com;
> ajit.khaparde at broadcom.com; rnagadheeraj at marvell.com;
> adwivedi at marvell.com; ciara.power at intel.com; haiyue.wang at intel.com;
> jiawenwu at trustnetic.com; jianwang at trustnetic.com; Akhil Goyal
> <gakhil at marvell.com>
> Subject: [dpdk-dev] [PATCH v3 0/8] crypto/security session framework
> rework
> Importance: High
> 
> As discussed in last release deprecation notice, crypto and security session
> framework are reworked to reduce the need of two mempool objects and
> remove the requirement to expose the rte_security_session and
> rte_cryptodev_sym_session structures.
> Design methodology is explained in the patch description.
> 
> Similar work will need to be done for asymmetric sessions as well.
> Asymmetric session need another rework and is postponed to next release.
> Since it is still in experimental stage, we can modify the APIs in next release as
> well.
> 
> The patches are compilable with all affected PMDs and tested with dpdk-test
> and test-crypto-perf app on CN9k platform.
> 
> The series is rebased over "cryptodev: hide internal structures"
> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpatch
> work.dpdk.org%2Fproject%2Fdpdk%2Flist%2F%3Fseries%3D19749&dat
> a=04%7C01%7Chemant.agrawal%40nxp.com%7C670e1914f95c49cbd24608d
> 9927f2b28%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C6377018
> 97169217767%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJ
> QIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=KPG
> ZGoNXdfucnr3yA422eGc6EO%2BdXqCj3VSo7IlbX94%3D&reserved=0
> 
> Changes in v3
> - rebased over next-crypto TOT
> - Release notes updated and deprecation notice removed.
> - Documentation updates.
> - fix session less crypto
> - fix asym crypto issue for qp setup
> - add sess_iova param to PMD session configure APIs to pass physical address
> of session pointer.
> - rework cnxk net PMD based on the new session framework.
> - added missing op to get size of security session private data
> 
> Changes in v2:
> - Added new parameter iova in PMD session configure APIs for
>   session priv pointer to be used in QAT/CNXK/etc PMDs.
> - Hide rte_cryptodev_sym_session and rte_security_session structs.
> - Added compilation workaround for net PMDs(ixgbe/txgbe)
>   for inline ipsec.
>   Patches with actual fix is beynd the scope of this patchset.
> - Added inline APIs to access the opaque data and fast metadata.
> - Remove commented code.
> 
> TODO
> - Asym APIs - postponed for next release.
> 
> 
> Akhil Goyal (8):
>   security: rework session framework
>   security: hide security session struct
>   net/cnxk: rework security session framework
>   security: pass session iova in PMD sess create
>   drivers/crypto: support security session get size op
>   cryptodev: rework session framework
>   cryptodev: hide sym session structure
>   cryptodev: pass session iova in configure session
> 
>  app/test-crypto-perf/cperf.h                  |   1 -
>  app/test-crypto-perf/cperf_ops.c              |  46 ++--
>  app/test-crypto-perf/cperf_ops.h              |   6 +-
>  app/test-crypto-perf/cperf_test_latency.c     |   5 +-
>  app/test-crypto-perf/cperf_test_latency.h     |   1 -
>  .../cperf_test_pmd_cyclecount.c               |   7 +-
>  .../cperf_test_pmd_cyclecount.h               |   1 -
>  app/test-crypto-perf/cperf_test_throughput.c  |   5 +-
>  app/test-crypto-perf/cperf_test_throughput.h  |   1 -
>  app/test-crypto-perf/cperf_test_verify.c      |   5 +-
>  app/test-crypto-perf/cperf_test_verify.h      |   1 -
>  app/test-crypto-perf/main.c                   |  29 +--
>  app/test/test_cryptodev.c                     | 147 ++++---------
>  app/test/test_cryptodev.h                     |   1 -
>  app/test/test_cryptodev_asym.c                |   3 +-
>  app/test/test_cryptodev_blockcipher.c         |   6 +-
>  app/test/test_event_crypto_adapter.c          |  28 +--
>  app/test/test_ipsec.c                         |  34 +--
>  app/test/test_ipsec_perf.c                    |   4 +-
>  app/test/test_security.c                      | 196 ++++--------------
>  doc/guides/prog_guide/cryptodev_lib.rst       |  10 +-
>  doc/guides/prog_guide/rte_security.rst        |  11 +-
>  doc/guides/rel_notes/deprecation.rst          |   9 -
>  doc/guides/rel_notes/release_21_11.rst        |  14 ++
>  drivers/crypto/armv8/armv8_pmd_private.h      |   2 -
>  drivers/crypto/armv8/rte_armv8_pmd.c          |  21 +-
>  drivers/crypto/armv8/rte_armv8_pmd_ops.c      |  34 +--
>  drivers/crypto/bcmfs/bcmfs_sym_session.c      |  36 +---
>  drivers/crypto/bcmfs/bcmfs_sym_session.h      |   6 +-
>  drivers/crypto/caam_jr/caam_jr.c              |  71 ++-----
>  drivers/crypto/ccp/ccp_pmd_ops.c              |  32 +--
>  drivers/crypto/ccp/ccp_pmd_private.h          |   2 -
>  drivers/crypto/ccp/rte_ccp_pmd.c              |  24 +--
>  drivers/crypto/cnxk/cn10k_cryptodev_ops.c     |  24 +--
>  drivers/crypto/cnxk/cn10k_ipsec.c             |  53 +----
>  drivers/crypto/cnxk/cn9k_cryptodev_ops.c      |  20 +-
>  drivers/crypto/cnxk/cn9k_ipsec.c              |  75 +++----
>  drivers/crypto/cnxk/cnxk_cryptodev_ops.c      |  61 ++----
>  drivers/crypto/cnxk/cnxk_cryptodev_ops.h      |  16 +-
>  drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c   |  76 ++-----
>  drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c   |   3 +-
>  drivers/crypto/dpaa_sec/dpaa_sec.c            |  75 ++-----
>  drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c     |   3 +-
>  drivers/crypto/ipsec_mb/ipsec_mb_ops.c        |  32 +--
>  drivers/crypto/ipsec_mb/ipsec_mb_private.h    |  29 +--
>  drivers/crypto/ipsec_mb/pmd_aesni_gcm.c       |  23 +-
>  drivers/crypto/ipsec_mb/pmd_aesni_mb.c        |  40 ++--
>  drivers/crypto/ipsec_mb/pmd_chacha_poly.c     |   1 -
>  drivers/crypto/ipsec_mb/pmd_kasumi.c          |   1 -
>  drivers/crypto/ipsec_mb/pmd_snow3g.c          |   1 -
>  drivers/crypto/ipsec_mb/pmd_zuc.c             |   1 -
>  drivers/crypto/mlx5/mlx5_crypto.c             |  25 +--
>  drivers/crypto/mvsam/mrvl_pmd_private.h       |   3 -
>  drivers/crypto/mvsam/rte_mrvl_pmd.c           |   3 +-
>  drivers/crypto/mvsam/rte_mrvl_pmd_ops.c       |  55 ++---
>  drivers/crypto/nitrox/nitrox_sym.c            |  33 +--
>  drivers/crypto/null/null_crypto_pmd.c         |  20 +-
>  drivers/crypto/null/null_crypto_pmd_ops.c     |  34 +--
>  drivers/crypto/null/null_crypto_pmd_private.h |   2 -
>  .../crypto/octeontx/otx_cryptodev_hw_access.h |   1 -
>  drivers/crypto/octeontx/otx_cryptodev_ops.c   |  68 +++---
>  drivers/crypto/octeontx2/otx2_cryptodev_ops.c |  63 +++---
>  .../octeontx2/otx2_cryptodev_ops_helper.h     |  16 +-
>  drivers/crypto/octeontx2/otx2_cryptodev_qp.h  |   2 -
>  drivers/crypto/octeontx2/otx2_cryptodev_sec.c |  77 +++----
>  drivers/crypto/openssl/openssl_pmd_private.h  |   2 -
>  drivers/crypto/openssl/rte_openssl_pmd.c      |  18 +-
>  drivers/crypto/openssl/rte_openssl_pmd_ops.c  |  35 +---
>  drivers/crypto/qat/qat_sym.c                  |   3 +-
>  drivers/crypto/qat/qat_sym.h                  |   8 +-
>  drivers/crypto/qat/qat_sym_pmd.c              |   1 +
>  drivers/crypto/qat/qat_sym_session.c          |  72 ++-----
>  drivers/crypto/qat/qat_sym_session.h          |  17 +-
>  drivers/crypto/scheduler/scheduler_pmd_ops.c  |  10 +-
>  drivers/crypto/virtio/virtio_cryptodev.c      |  32 +--
>  .../octeontx2/otx2_evdev_crypto_adptr_rx.h    |   3 +-
>  drivers/net/cnxk/cn10k_ethdev_sec.c           |  64 +++---
>  drivers/net/cnxk/cn9k_ethdev_sec.c            |  59 ++----
>  drivers/net/cnxk/cnxk_ethdev.c                |   6 +-
>  drivers/net/cnxk/cnxk_ethdev.h                |   6 -
>  drivers/net/cnxk/cnxk_ethdev_sec.c            |  21 --
>  drivers/net/ixgbe/ixgbe_ipsec.c               |  38 +---
>  drivers/net/octeontx2/otx2_ethdev_sec.c       |  52 ++---
>  drivers/net/octeontx2/otx2_ethdev_sec_tx.h    |   2 +-
>  drivers/net/txgbe/txgbe_ipsec.c               |  38 +---
>  examples/fips_validation/fips_dev_self_test.c |  32 +--
>  examples/fips_validation/main.c               |  20 +-
>  examples/ipsec-secgw/ipsec-secgw.c            |  40 ----
>  examples/ipsec-secgw/ipsec.c                  |  12 +-
>  examples/ipsec-secgw/ipsec.h                  |   1 -
>  examples/ipsec-secgw/ipsec_worker.c           |   4 -
>  examples/l2fwd-crypto/main.c                  |  41 +---
>  examples/vhost_crypto/main.c                  |  16 +-
>  lib/cryptodev/cryptodev_pmd.h                 |  33 ++-
>  lib/cryptodev/rte_crypto.h                    |   2 +-
>  lib/cryptodev/rte_crypto_sym.h                |   2 +-
>  lib/cryptodev/rte_cryptodev.c                 |  91 ++++----
>  lib/cryptodev/rte_cryptodev.h                 |  70 +++----
>  lib/cryptodev/rte_cryptodev_trace.h           |  16 +-
>  lib/ipsec/rte_ipsec.h                         |   4 +-
>  lib/ipsec/rte_ipsec_group.h                   |  13 +-
>  lib/ipsec/ses.c                               |   6 +-
>  lib/pipeline/rte_table_action.c               |   8 +-
>  lib/pipeline/rte_table_action.h               |   2 +-
>  lib/security/rte_security.c                   |  32 +--
>  lib/security/rte_security.h                   |  85 +++++---
>  lib/security/rte_security_driver.h            |  31 ++-
>  lib/vhost/rte_vhost_crypto.h                  |   3 -
>  lib/vhost/vhost_crypto.c                      |   7 +-
>  109 files changed, 913 insertions(+), 1880 deletions(-)
> 
> --
> 2.25.1