[dpdk-dev] [PATCH v3 00/26] Crypto operation restructuring

Trahe, Fiona fiona.trahe at intel.com
Fri Jun 30 15:23:12 CEST 2017



> -----Original Message-----
> From: De Lara Guarch, Pablo
> Sent: Thursday, June 29, 2017 12:35 PM
> To: Doherty, Declan <declan.doherty at intel.com>; zbigniew.bodek at caviumnetworks.com;
> jerin.jacob at caviumnetworks.com; akhil.goyal at nxp.com; hemant.agrawal at nxp.com; Trahe, Fiona
> <fiona.trahe at intel.com>; Griffin, John <john.griffin at intel.com>; Jain, Deepak K
> <deepak.k.jain at intel.com>
> Cc: dev at dpdk.org; De Lara Guarch, Pablo <pablo.de.lara.guarch at intel.com>
> Subject: [PATCH v3 00/26] Crypto operation restructuring
> 
> This patchset attempts to correct and improve the current crypto operation
> (rte_crypto_op) and symmetric crypto operation (rte_crypto_sym_op) structures,
> shrinking their sizes to fit both structures into two 64-byte cache lines
> (with extra space for the IV and other user data) as one of the goals.
> 
> It also introduces new AEAD algorithm specific parameters,
> to simplify its setup with a single transform, instead of a concatenation
> of a cipher and an authentication transform.
> 
> The following changes are made:
> 
> In rte_crypto_op:
> 
> - Moved session type (with session/sessionless) from symmetric op to crypto op,
>   as this could be used for other types
> 
> - Combined operation type, operation status and session type into a 64-bit flag (each one taking 1 byte),
>   instead of having enums taking 4 bytes each
> 
> - Removed opaque data from crypto operation, as private data can be allocated
>   just after the symmetric (or other type) crypto operation
> 
> - Modified symmetric operation pointer to zero-array, as the symmetric op should be always after the
> crypto operation
> 
> - Removed unnecessary cache alignment
> 
> In rte_crypto_sym_xform:
> 
> - Added IV length and offset in sym_xform, so these will be fixed for all the operations in a session
> 
> - Added a new AEAD transform
> 
> - Added IV for authentication and AEAD transforms
> 
> - Removed AAD length from authentication transform, as it is only used for AEAD algorithms
> 
> In rte_crypto_sym_op:
> 
> - Removed IV parameters, which will be only in the session.
> 
> - Added AEAD specific parameters.
> 
> - Create union with the new AEAD parameters and the cipher/authentication parameters,
>   as the three cannot be used at the same time
> 
> - Removed digest length from sym crypto op, so this length will be fixed for all the operations in a
> session
> 
> - Removed AAD length from sym crypto op, so this length will be fixed for all operations in a session
> 
> - Removed AAD from authentication structure, as it is only used for AEAD algorithms
> 
> - Added zero-array at the end of sym crypto op to be used to get extra allocated memory (IV + other
> user data)
> 
> 
> In terms of algorithm usage:
> 
> - AEAD algorithms (like AES-GCM) are set up only using the AEAD structure
> 
> - AES GMAC will be an authentication only algorithm, using the source buffer directly, instead of AAD
> field
> 
> - Wireless algorithms (like SNOW3G) do not use AAD field for authentication IV anymore, as this is
> available now.
> 
> 
> Finally, a comparison between the previous operation and the new operation:
> 
> Previous rte_crypto_op (40 bytes) and rte_crypto_sym_op (114 bytes) structures:
> 
> struct rte_crypto_op {
>     enum rte_crypto_op_type type;
>     enum rte_crypto_op_status status;
>     struct rte_mempool *mempool;
>     phys_addr_t phys_addr;
>     void *opaque_data;
>     union {
>        struct rte_crypto_sym_op *sym;
>     };
> } __rte_cache_aligned;
> 
> struct rte_crypto_sym_op {
>     struct rte_mbuf *m_src;
>     struct rte_mbuf *m_dst;
> 
>     enum rte_crypto_sym_op_sess_type sess_type;
> 
>     RTE_STD_C11
>     union {
>        struct rte_cryptodev_sym_session *session;
>        struct rte_crypto_sym_xform *xform;
>     };
> 
>     struct {
>         struct {
>             uint32_t offset;
>             uint32_t length;
>         } data;
> 
>         struct {
>             uint8_t *data;
>             phys_addr_t phys_addr;
>             uint16_t length;
>         } iv;
>     } cipher;
> 
>     struct {
>         struct {
>             uint32_t offset;
>             uint32_t length;
>         } data;
>         struct {
>             uint8_t *data;
>             phys_addr_t phys_addr;
>             uint16_t length;
>         } digest; /**< Digest parameters */
> 
>         struct {
>             uint8_t *data;
>             phys_addr_t phys_addr;
>             uint16_t length;
>         } aad;
> 
>     } auth;
> } __rte_cache_aligned;
> 
> 
> New rte_crypto_op (24 bytes) and rte_crypto_sym_op (72 bytes) structures:
> 
> struct rte_crypto_op {
>     uint64_t type: 8;
>     uint64_t status: 8;
>     uint64_t sess_type: 8;
> 
>     struct rte_mempool *mempool;
> 
>     phys_addr_t phys_addr;
> 
>     RTE_STD_C11
>     union {
>        struct rte_crypto_sym_op sym[0];
>     };
> } __rte_cache_aligned;
> 
> 
> struct rte_crypto_sym_op {
>     struct rte_mbuf *m_src;
>     struct rte_mbuf *m_dst;
> 
>     union {
>         struct rte_cryptodev_sym_session *session;
>         /**< Handle for the initialised session context */
>         struct rte_crypto_sym_xform *xform;
>         /**< Session-less API Crypto operation parameters */
>     };
> 
>     union {
>         struct {
>             struct {
>                 uint32_t offset;
>                 uint32_t length;
>             } data; /**< Data offsets and length for AEAD */
> 
>             struct {
>                 uint8_t *data;
>                 phys_addr_t phys_addr;
>             } digest; /**< Digest parameters */
> 
>             struct {
>                 uint8_t *data;
>                 phys_addr_t phys_addr;
>             } aad;
>             /**< Additional authentication parameters */
>         } aead;
> 
>         struct {
>             struct {
>                 struct {
>                     uint32_t offset;
>                     uint32_t length;
>                 } data; /**< Data offsets and length for ciphering */
>             } cipher;
> 
>             struct {
>                 struct {
>                     uint32_t offset;
>                     uint32_t length;
>                 } data;
>                 /**< Data offsets and length for authentication */
> 
>                 struct {
>                     uint8_t *data;
>                     phys_addr_t phys_addr;
>                 } digest; /**< Digest parameters */
>             } auth;
>         };
>     };
> };
> 
> Changes in v3:
> 
> - Removed unnecessary branch in test code
> 
> - Removed unnecessary memcpy in perf application
> 
> - Removed fix for QAT, which will be sent separated
> 
> - Rebased against dpdk-next-crypto subtree
> 
> Changes in v2:
> 
> - Added AEAD structures
> 
> - Added authentication IV (used for AES-GMAC and wireless algorithms)
> 
> - Modified all applications with the changes
> 
> - Modified all drivers with the changes
> 
> - Moved AAD length to the crypto session
> 
> - Rebased against latest dpdk-next-crypto
> 
> - Added documentation changes
> 
> Pablo de Lara (26):
>   cryptodev: move session type to generic crypto op
>   cryptodev: replace enums with 1-byte variables
>   cryptodev: remove opaque data pointer in crypto op
>   cryptodev: do not store pointer to op specific params
>   cryptodev: remove useless alignment
>   cryptodev: add crypto op helper macros
>   test/crypto: move IV to crypto op private data
>   test/crypto-perf: move IV to crypto op private data
>   app/crypto-perf: move IV to crypto op private data
>   examples/l2fwd-crypto: move IV to crypto op private data
>   examples/ipsec-secgw: move IV to crypto op private data
>   cryptodev: pass IV as offset
>   cryptodev: move IV parameters to crypto session
>   cryptodev: add auth IV
>   cryptodev: do not use AAD in wireless algorithms
>   cryptodev: remove AAD length from crypto op
>   cryptodev: remove digest length from crypto op
>   cryptodev: set AES-GMAC as auth-only algo
>   cryptodev: add AEAD specific data
>   cryptodev: add AEAD parameters in crypto operation
>   examples/l2fwd-crypto: avoid too many tabs
>   app/test-crypto-perf: add AEAD parameters
>   examples/ipsec-secgw: add AEAD parameters
>   examples/l2fwd-crypto: add AEAD parameters
>   cryptodev: use AES-GCM/CCM as AEAD algorithms
>   cryptodev: remove AAD from authentication structure
> 
>  app/test-crypto-perf/cperf_ops.c                   |  246 ++--
>  app/test-crypto-perf/cperf_ops.h                   |    6 +-
>  app/test-crypto-perf/cperf_options.h               |   24 +-
>  app/test-crypto-perf/cperf_options_parsing.c       |  148 ++-
>  app/test-crypto-perf/cperf_test_latency.c          |   59 +-
>  app/test-crypto-perf/cperf_test_throughput.c       |   24 +-
>  app/test-crypto-perf/cperf_test_vector_parsing.c   |   67 +-
>  app/test-crypto-perf/cperf_test_vectors.c          |  140 ++-
>  app/test-crypto-perf/cperf_test_vectors.h          |   20 +-
>  app/test-crypto-perf/cperf_test_verify.c           |   25 +-
>  app/test-crypto-perf/data/aes_cbc_128_sha.data     |    2 +-
>  app/test-crypto-perf/data/aes_cbc_192_sha.data     |    2 +-
>  app/test-crypto-perf/data/aes_cbc_256_sha.data     |    2 +-
>  app/test-crypto-perf/main.c                        |   61 +-
>  doc/guides/prog_guide/cryptodev_lib.rst            |  107 +-
>  doc/guides/prog_guide/img/crypto_xform_chain.svg   |    8 +-
>  doc/guides/rel_notes/release_17_08.rst             |   36 +
>  doc/guides/sample_app_ug/ipsec_secgw.rst           |   43 +-
>  doc/guides/sample_app_ug/l2_forward_crypto.rst     |   41 +-
>  doc/guides/tools/cryptoperf.rst                    |   50 +-
>  drivers/crypto/aesni_gcm/aesni_gcm_pmd.c           |  260 +++--
>  drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c       |   32 +-
>  drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h   |   13 +-
>  drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c         |   16 +-
>  drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c     |   21 +-
>  drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h |    5 +
>  drivers/crypto/armv8/rte_armv8_pmd.c               |   26 +-
>  drivers/crypto/armv8/rte_armv8_pmd_ops.c           |    6 +-
>  drivers/crypto/armv8/rte_armv8_pmd_private.h       |    9 +-
>  drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c        |   87 +-
>  drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h          |   25 +-
>  drivers/crypto/kasumi/rte_kasumi_pmd.c             |   88 +-
>  drivers/crypto/kasumi/rte_kasumi_pmd_ops.c         |    5 +-
>  drivers/crypto/kasumi/rte_kasumi_pmd_private.h     |    2 +
>  drivers/crypto/null/null_crypto_pmd.c              |   15 +-
>  drivers/crypto/null/null_crypto_pmd_ops.c          |    9 +-
>  drivers/crypto/openssl/rte_openssl_pmd.c           |  209 +++-
>  drivers/crypto/openssl/rte_openssl_pmd_ops.c       |  103 +-
>  drivers/crypto/openssl/rte_openssl_pmd_private.h   |   14 +
>  drivers/crypto/qat/qat_adf/qat_algs.h              |    9 +
>  drivers/crypto/qat/qat_adf/qat_algs_build_desc.c   |    7 +-
>  drivers/crypto/qat/qat_crypto.c                    |  341 ++++--
>  drivers/crypto/qat/qat_crypto.h                    |    4 +
>  drivers/crypto/qat/qat_crypto_capabilities.h       |   82 +-
>  drivers/crypto/snow3g/rte_snow3g_pmd.c             |   79 +-
>  drivers/crypto/snow3g/rte_snow3g_pmd_ops.c         |    5 +-
>  drivers/crypto/snow3g/rte_snow3g_pmd_private.h     |    2 +
>  drivers/crypto/zuc/rte_zuc_pmd.c                   |   63 +-
>  drivers/crypto/zuc/rte_zuc_pmd_ops.c               |    7 +-
>  drivers/crypto/zuc/rte_zuc_pmd_private.h           |    2 +
>  examples/ipsec-secgw/esp.c                         |  243 ++--
>  examples/ipsec-secgw/ipsec.c                       |    1 -
>  examples/ipsec-secgw/ipsec.h                       |    6 +-
>  examples/ipsec-secgw/sa.c                          |  285 +++--
>  examples/l2fwd-crypto/main.c                       |  721 +++++++++---
>  lib/librte_cryptodev/rte_crypto.h                  |   37 +-
>  lib/librte_cryptodev/rte_crypto_sym.h              |  618 +++++-----
>  lib/librte_cryptodev/rte_cryptodev.c               |   71 +-
>  lib/librte_cryptodev/rte_cryptodev.h               |   90 +-
>  lib/librte_cryptodev/rte_cryptodev_version.map     |    4 +
>  test/test/test_cryptodev.c                         | 1176 ++++++++------------
>  test/test/test_cryptodev.h                         |    6 +
>  test/test/test_cryptodev_blockcipher.c             |   41 +-
>  test/test/test_cryptodev_gcm_test_vectors.h        |   29 +-
>  .../test/test_cryptodev_kasumi_hash_test_vectors.h |   16 +-
>  test/test/test_cryptodev_kasumi_test_vectors.h     |   20 +-
>  test/test/test_cryptodev_perf.c                    |  673 +++++------
>  .../test/test_cryptodev_snow3g_hash_test_vectors.h |   14 +-
>  test/test/test_cryptodev_snow3g_test_vectors.h     |   24 +-
>  test/test/test_cryptodev_zuc_test_vectors.h        |   38 +-
>  70 files changed, 4044 insertions(+), 2726 deletions(-)
> 
> --
> 2.9.4

Acked-by: Fiona Trahe <fiona.trahe at intel.com>


More information about the dev mailing list