[dpdk-dev] [PATCH v2 00/27] Crypto operation restructuring
Pablo de Lara
pablo.de.lara.guarch at intel.com
Mon Jun 26 12:22:33 CEST 2017
This patchset attempts to correct and improve the current crypto operation
(rte_crypto_op) and symmetric crypto operation (rte_crypto_sym_op) structures,
shrinking their sizes to fit both structures into two 64-byte cache lines
(with extra space for the IV and other user data) as one of the goals.
It also introduces new AEAD algorithm specific parameters, to simplify
its setup with a single transform, instead of a concatenation of a cipher
and an authentication transform.
The following changes are made:
In rte_crypto_op:
- Moved session type (with session/sessionless) from symmetric op to crypto op,
as this could be used for other types
- Combined operation type, operation status and session type into a 64-bit flag (each one taking 1 byte),
instead of having enums taking 4 bytes each
- Removed opaque data from crypto operation, as private data can be allocated
just after the symmetric (or other type) crypto operation
- Modified symmetric operation pointer to zero-array, as the symmetric op should be always after the crypto operation
- Removed unnecessary cache alignment
In rte_crypto_sym_xform:
- Added IV length and offset in sym_xform, so these will be fixed for all the operations in a session
- Added a new AEAD transform
- Added IV for authentication and AEAD transforms
- Removed AAD length from authentication transform, as it is only used for AEAD algorithms
In rte_crypto_sym_op:
- Removed IV parameters, which will be only in the session.
- Added AEAD specific parameters.
- Create union with the new AEAD parameters and the cipher/authentication parameters,
as the three cannot be used at the same time
- Removed digest length from sym crypto op, so this length will be fixed for all the operations in a session
- Removed AAD length from sym crypto op, so this length will be fixed for all operations in a session
- Removed AAD from authentication structure, as it is only used for AEAD algorithms
- Added zero-array at the end of sym crypto op to be used to get extra allocated memory (IV + other user data)
In terms of algorithm usage:
- AEAD algorithms (like AES-GCM) are set up only using the AEAD structure
- AES GMAC will be an authentication only algorithm, using the source buffer directly, instead of AAD field
- Wireless algorithms (like SNOW3G) do not use AAD field for authentication IV anymore, as this is available now.
Finally, a comparison between the previous operation and the new operation:
Previous rte_crypto_op (40 bytes) and rte_crypto_sym_op (114 bytes) structures:
struct rte_crypto_op {
enum rte_crypto_op_type type;
enum rte_crypto_op_status status;
struct rte_mempool *mempool;
phys_addr_t phys_addr;
void *opaque_data;
union {
struct rte_crypto_sym_op *sym;
};
} __rte_cache_aligned;
struct rte_crypto_sym_op {
struct rte_mbuf *m_src;
struct rte_mbuf *m_dst;
enum rte_crypto_sym_op_sess_type sess_type;
RTE_STD_C11
union {
struct rte_cryptodev_sym_session *session;
struct rte_crypto_sym_xform *xform;
};
struct {
struct {
uint32_t offset;
uint32_t length;
} data;
struct {
uint8_t *data;
phys_addr_t phys_addr;
uint16_t length;
} iv;
} cipher;
struct {
struct {
uint32_t offset;
uint32_t length;
} data;
struct {
uint8_t *data;
phys_addr_t phys_addr;
uint16_t length;
} digest; /**< Digest parameters */
struct {
uint8_t *data;
phys_addr_t phys_addr;
uint16_t length;
} aad;
} auth;
} __rte_cache_aligned;
New rte_crypto_op (24 bytes) and rte_crypto_sym_op (72 bytes) structures:
struct rte_crypto_op {
uint64_t type: 8;
uint64_t status: 8;
uint64_t sess_type: 8;
struct rte_mempool *mempool;
phys_addr_t phys_addr;
RTE_STD_C11
union {
struct rte_crypto_sym_op sym[0];
};
} __rte_cache_aligned;
struct rte_crypto_sym_op {
struct rte_mbuf *m_src;
struct rte_mbuf *m_dst;
union {
struct rte_cryptodev_sym_session *session;
/**< Handle for the initialised session context */
struct rte_crypto_sym_xform *xform;
/**< Session-less API Crypto operation parameters */
};
union {
struct {
struct {
uint32_t offset;
uint32_t length;
} data; /**< Data offsets and length for AEAD */
struct {
uint8_t *data;
phys_addr_t phys_addr;
} digest; /**< Digest parameters */
struct {
uint8_t *data;
phys_addr_t phys_addr;
} aad;
/**< Additional authentication parameters */
} aead;
struct {
struct {
struct {
uint32_t offset;
uint32_t length;
} data; /**< Data offsets and length for ciphering */
} cipher;
struct {
struct {
uint32_t offset;
uint32_t length;
} data;
/**< Data offsets and length for authentication */
struct {
uint8_t *data;
phys_addr_t phys_addr;
} digest; /**< Digest parameters */
} auth;
};
};
};
Changes in v2:
- Added AEAD structures
- Added authentication IV (used for AES-GMAC and wireless algorithms)
- Modified all applications with the changes
- Modified all drivers with the changes
- Moved AAD length to the crypto session
- Rebased against latest dpdk-next-crypto
- Added documentation changes
Pablo de Lara (27):
cryptodev: move session type to generic crypto op
cryptodev: replace enums with 1-byte variables
cryptodev: remove opaque data pointer in crypto op
cryptodev: do not store pointer to op specific params
cryptodev: remove useless alignment
cryptodev: add crypto op helper macros
crypto/qat: fix KASUMI authentication
test/crypto: move IV to crypto op private data
test/crypto-perf: move IV to crypto op private data
app/crypto-perf: move IV to crypto op private data
examples/l2fwd-crypto: move IV to crypto op private data
examples/ipsec-secgw: move IV to crypto op private data
cryptodev: pass IV as offset
cryptodev: move IV parameters to crypto session
cryptodev: add auth IV
cryptodev: do not use AAD in wireless algorithms
cryptodev: remove AAD length from crypto op
cryptodev: remove digest length from crypto op
cryptodev: set AES-GMAC as auth-only algo
cryptodev: add AEAD specific data
cryptodev: add AEAD parameters in crypto operation
examples/l2fwd-crypto: avoid too many tabs
app/test-crypto-perf: add AEAD parameters
examples/ipsec-secgw: add AEAD parameters
examples/l2fwd-crypto: add AEAD parameters
cryptodev: use AES-GCM/CCM as AEAD algorithms
cryptodev: remove AAD from authentication structure
app/test-crypto-perf/cperf_ops.c | 215 ++--
app/test-crypto-perf/cperf_ops.h | 6 +-
app/test-crypto-perf/cperf_options.h | 24 +-
app/test-crypto-perf/cperf_options_parsing.c | 148 ++-
app/test-crypto-perf/cperf_test_latency.c | 59 +-
app/test-crypto-perf/cperf_test_throughput.c | 24 +-
app/test-crypto-perf/cperf_test_vector_parsing.c | 67 +-
app/test-crypto-perf/cperf_test_vectors.c | 140 ++-
app/test-crypto-perf/cperf_test_vectors.h | 20 +-
app/test-crypto-perf/cperf_test_verify.c | 25 +-
app/test-crypto-perf/data/aes_cbc_128_sha.data | 2 +-
app/test-crypto-perf/data/aes_cbc_192_sha.data | 2 +-
app/test-crypto-perf/data/aes_cbc_256_sha.data | 2 +-
app/test-crypto-perf/main.c | 61 +-
doc/guides/prog_guide/cryptodev_lib.rst | 107 +-
doc/guides/prog_guide/img/crypto_xform_chain.svg | 8 +-
doc/guides/rel_notes/release_17_08.rst | 36 +
doc/guides/sample_app_ug/ipsec_secgw.rst | 43 +-
doc/guides/sample_app_ug/l2_forward_crypto.rst | 41 +-
doc/guides/tools/cryptoperf.rst | 50 +-
drivers/crypto/aesni_gcm/aesni_gcm_pmd.c | 260 +++--
drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c | 32 +-
drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h | 13 +-
drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 16 +-
drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 21 +-
drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h | 5 +
drivers/crypto/armv8/rte_armv8_pmd.c | 26 +-
drivers/crypto/armv8/rte_armv8_pmd_ops.c | 6 +-
drivers/crypto/armv8/rte_armv8_pmd_private.h | 9 +-
drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 87 +-
drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h | 25 +-
drivers/crypto/kasumi/rte_kasumi_pmd.c | 88 +-
drivers/crypto/kasumi/rte_kasumi_pmd_ops.c | 5 +-
drivers/crypto/kasumi/rte_kasumi_pmd_private.h | 2 +
drivers/crypto/null/null_crypto_pmd.c | 15 +-
drivers/crypto/null/null_crypto_pmd_ops.c | 9 +-
drivers/crypto/openssl/rte_openssl_pmd.c | 209 +++-
drivers/crypto/openssl/rte_openssl_pmd_ops.c | 103 +-
drivers/crypto/openssl/rte_openssl_pmd_private.h | 14 +
drivers/crypto/qat/qat_adf/qat_algs.h | 9 +
drivers/crypto/qat/qat_adf/qat_algs_build_desc.c | 7 +-
drivers/crypto/qat/qat_crypto.c | 372 +++++--
drivers/crypto/qat/qat_crypto.h | 4 +
drivers/crypto/qat/qat_crypto_capabilities.h | 82 +-
drivers/crypto/snow3g/rte_snow3g_pmd.c | 79 +-
drivers/crypto/snow3g/rte_snow3g_pmd_ops.c | 5 +-
drivers/crypto/snow3g/rte_snow3g_pmd_private.h | 2 +
drivers/crypto/zuc/rte_zuc_pmd.c | 63 +-
drivers/crypto/zuc/rte_zuc_pmd_ops.c | 7 +-
drivers/crypto/zuc/rte_zuc_pmd_private.h | 2 +
examples/ipsec-secgw/esp.c | 243 ++--
examples/ipsec-secgw/ipsec.c | 1 -
examples/ipsec-secgw/ipsec.h | 6 +-
examples/ipsec-secgw/sa.c | 285 +++--
examples/l2fwd-crypto/main.c | 721 +++++++++---
lib/librte_cryptodev/rte_crypto.h | 37 +-
lib/librte_cryptodev/rte_crypto_sym.h | 618 +++++-----
lib/librte_cryptodev/rte_cryptodev.c | 71 +-
lib/librte_cryptodev/rte_cryptodev.h | 90 +-
lib/librte_cryptodev/rte_cryptodev_version.map | 10 +
test/test/test_cryptodev.c | 1176 ++++++++------------
test/test/test_cryptodev.h | 6 +
test/test/test_cryptodev_blockcipher.c | 35 +-
test/test/test_cryptodev_gcm_test_vectors.h | 29 +-
.../test/test_cryptodev_kasumi_hash_test_vectors.h | 16 +-
test/test/test_cryptodev_kasumi_test_vectors.h | 20 +-
test/test/test_cryptodev_perf.c | 673 +++++------
.../test/test_cryptodev_snow3g_hash_test_vectors.h | 14 +-
test/test/test_cryptodev_snow3g_test_vectors.h | 24 +-
test/test/test_cryptodev_zuc_test_vectors.h | 38 +-
70 files changed, 4042 insertions(+), 2728 deletions(-)
--
2.9.4
More information about the dev
mailing list