[dpdk-dev] [PATCH v4 0/6] Crypto API and device framework

Sergio Gonzalez Monroy sergio.gonzalez.monroy at intel.com
Tue Nov 3 22:20:21 CET 2015


On 03/11/2015 17:45, Declan Doherty wrote:
> This series of patches defines a set of application burst oriented APIs for
> asynchronous symmetric cryptographic functions within DPDK. It also contains a
> poll mode driver cryptographic device framework for the implementation of
> crypto devices within DPDK.
>
> In the patch set we also have included 2 reference implementations of crypto
> PMDs. Currently both implementations  support AES128-CBC with
> HMAC_SHA1/SHA256/SHA512 authentication operations. The first device is a purely
>   software PMD based on Intel's multi-buffer library, which utilises both
> AES-NI instructions and vector operations to accelerate crypto operations and
> the second PMD utilises Intel's Quick Assist Technology (on DH895xxC) to provide
> hardware accelerated crypto operations.
>
> The API set supports two functional modes of operation:
>
> 1, A session oriented mode. In this mode the user creates a crypto session
> which defines all the immutable data required to perform a particular crypto
> operation in advance, including cipher/hash algorithms and operations to be
> performed as well as the keys to used etc. The session is then referenced by
> the crypto operation data structure which is a data structure specific to each
> mbuf. It is contains all mutable data about the cryto operation to be
> performed, such as data offsets and lengths into the mbuf's data payload for
> cipher and hash operations to be performed.
>
> 2, A session-less mode. In this mode the user is able to provision crypto
> operations on an mbuf without the need to have a cached session created in
> advance, but at the cost of entailing the overhead of calculating
> authentication pre-computes and preforming key expansions in-line with the
> crypto operation. The crypto xform chain is directly attached to the op struct
> in this mode, so the op struct now contains all of the immutable crypto operation
> parameters that would be normally set within a session. Once all mutable and
> immutable parameters are set the crypto operation data structure can be attached
> to the specified mbuf and enqueued on a specified crypto device for processing.
>
> The patch set contains the following features:
> - Crypto device APIs and device framework
> - Implementation of a software crypto PMD based on multi-buffer library
> - Implementation of a hardware crypto PMD baed on Intel QAT(DH895xxC)
> - Unit and performance test's which give and example of utilising the crypto API's.
> - Sample application which performs crypto operations on the IP payload of the
>    packets being forwarded
>
> Current Status:
> There is no support for chained mbuf's and as mentioned above the PMD's
> have currently implemented support for AES128-CBC/AES256-CBC/AES512-CBC
> and HMAC_SHA1/SHA256/SHA512.
>
> v4:
>   - Some more EOF whitespace and checkpatch fixes
>
> v3:
>   - Fixes a document build error, which I missed in the V2
>   - Fixes for remaining checkpatch errors
>   - Disables QAT and AESNI_MB PMD being build by default as they have external
>     library dependences
>
> v2:
>   - Introduces a new library to support attaching offload operations to a mbuf
>   - Remove unused APIs from cryptodev
>   - PMD code refactor due to new rte_mbuf_offload structure
>   - General bug fixes and code tidy up
>
>
> Declan Doherty (6):
>    cryptodev: Initial DPDK Crypto APIs and device framework release
>    mbuf_offload: library to support attaching offloads to a mbuf
>    qat_crypto_pmd: Addition of a new QAT DPDK PMD.
>    aesni_mb_pmd: Initial implementation of multi buffer based crypto
>      device
>    app/test: add cryptodev unit and performance tests
>    l2fwd-crypto: crypto
>
>
Series Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy at intel.com>



More information about the dev mailing list