| Message ID | 20210907075957.28848-1-hemant.agrawal@nxp.com |
|---|---|
| Headers | show |
| Series | crypto: add raw vector support in DPAAx | expand |
-----Original Message-----
From: dev <dev-bounces@dpdk.org> On Behalf Of Hemant Agrawal
Sent: Tuesday 7 September 2021 09:00
To: dev@dpdk.org; gakhil@marvell.com
Cc: Ananyev, Konstantin <konstantin.ananyev@intel.com>; Zhang, Roy Fan <roy.fan.zhang@intel.com>
Subject: [dpdk-dev] [PATCH v2 00/15] crypto: add raw vector support in DPAAx
This patch series adds support for raw vector API in dpaax_sec drivers This also enhances the raw vector APIs to support OOP and security protocol support.
v2: fix aesni compilation and add release notes.
Gagandeep Singh (11):
crypto: add total raw buffer length
crypto: fix raw process for multi-seg case
crypto/dpaa2_sec: support raw datapath APIs
crypto/dpaa2_sec: support AUTH only with raw buffer APIs
crypto/dpaa2_sec: support AUTHENC with raw buffer APIs
crypto/dpaa2_sec: support AEAD with raw buffer APIs
crypto/dpaa2_sec: support OOP with raw buffer API
crypto/dpaa2_sec: enhance error checks with raw buffer APIs
crypto/dpaa_sec: support raw datapath APIs
crypto/dpaa_sec: support authonly and chain with raw APIs
crypto/dpaa_sec: support AEAD and proto with raw APIs
Hemant Agrawal (4):
crypto: change sgl to src_sgl in vector
crypto: add dest_sgl in raw vector APIs
test/crypto: add raw API test for dpaax
test/crypto: add raw API support in 5G algos
app/test/test_cryptodev.c | 179 +++-
doc/guides/rel_notes/release_21_11.rst | 8 +
drivers/crypto/aesni_gcm/aesni_gcm_pmd.c | 12 +-
drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 6 +-
drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 13 +-
drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h | 82 +-
drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c | 1045 ++++++++++++++++++
drivers/crypto/dpaa2_sec/meson.build | 3 +-
drivers/crypto/dpaa_sec/dpaa_sec.c | 23 +-
drivers/crypto/dpaa_sec/dpaa_sec.h | 40 +-
drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c | 1052 +++++++++++++++++++
drivers/crypto/dpaa_sec/meson.build | 4 +-
drivers/crypto/qat/qat_sym_hw_dp.c | 27 +-
lib/cryptodev/rte_crypto_sym.h | 13 +-
lib/ipsec/misc.h | 4 +-
15 files changed, 2407 insertions(+), 104 deletions(-) create mode 100644 drivers/crypto/dpaa2_sec/dpaa2_sec_raw_dp.c
create mode 100644 drivers/crypto/dpaa_sec/dpaa_sec_raw_dp.c
--
2.17.1
Series-acked-by: Rebecca Troy <rebecca.troy@intel.com>
Hi Hemant,
I still think it is enough to use rte_crypto_vec as well as
rte_crypto_sym_ofs is enough to describe the data including both the data
and aad.
Imagine 2 10 bytes segments case, encryption/hash size of 12 and aad of 8.
We will have
struct rte_crypto_vec sgl[2] = {{.base = x, .len = 10}, {.base = y, .len = 10}};
union rte_crypto_sym_ofs ofs = {.cipher.head = 0, .cipher.tail = 8, .auth.head = 0, .auth.tail = 8};
The driver shall understand there are 8 bytes not included for cipher/auth.
Regards,
Fan
> -----Original Message-----
> From: Hemant Agrawal <hemant.agrawal@nxp.com>
> Sent: Wednesday, October 13, 2021 8:00 PM
> To: dev@dpdk.org; gakhil@marvell.com
> Cc: Ananyev, Konstantin <konstantin.ananyev@intel.com>; Zhang, Roy Fan
> <roy.fan.zhang@intel.com>; Gagandeep Singh <g.singh@nxp.com>
> Subject: [PATCH v4 02/15] crypto: add total raw buffer length
>
> From: Gagandeep Singh <g.singh@nxp.com>
>
> The current crypto raw data vectors is extended to support
> rte_security usecases, where we need total data length to know
> how much additional memory space is available in buffer other
> than data length so that driver/HW can write expanded size
> data after encryption.
>
> Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
> Acked-by: Akhil Goyal <gakhil@marvell.com>
> ---
> doc/guides/rel_notes/deprecation.rst | 7 -------
> lib/cryptodev/rte_crypto_sym.h | 7 +++++++
> 2 files changed, 7 insertions(+), 7 deletions(-)
>
> diff --git a/doc/guides/rel_notes/deprecation.rst
> b/doc/guides/rel_notes/deprecation.rst
> index a4e86b31f5..53155459a0 100644
> --- a/doc/guides/rel_notes/deprecation.rst
> +++ b/doc/guides/rel_notes/deprecation.rst
> @@ -188,13 +188,6 @@ Deprecation Notices
> This field will be null for inplace processing.
> This change is targeted for DPDK 21.11.
>
> -* cryptodev: The structure ``rte_crypto_vec`` would be updated to add
> - ``tot_len`` to support total buffer length.
> - This is required for security cases like IPsec and PDCP encryption offload
> - to know how much additional memory space is available in buffer other
> than
> - data length so that driver/HW can write expanded size data after
> encryption.
> - This change is targeted for DPDK 21.11.
> -
> * cryptodev: Hide structures ``rte_cryptodev_sym_session`` and
> ``rte_cryptodev_asym_session`` to remove unnecessary indirection
> between
> session and the private data of session. An opaque pointer can be exposed
> diff --git a/lib/cryptodev/rte_crypto_sym.h
> b/lib/cryptodev/rte_crypto_sym.h
> index dcc0bd5933..6be283e83c 100644
> --- a/lib/cryptodev/rte_crypto_sym.h
> +++ b/lib/cryptodev/rte_crypto_sym.h
> @@ -37,6 +37,8 @@ struct rte_crypto_vec {
> rte_iova_t iova;
> /** length of the data buffer */
> uint32_t len;
> + /** total buffer length */
> + uint32_t tot_len;
> };
>
> /**
> @@ -980,12 +982,14 @@ rte_crypto_mbuf_to_vec(const struct rte_mbuf
> *mb, uint32_t ofs, uint32_t len,
> seglen = mb->data_len - ofs;
> if (len <= seglen) {
> vec[0].len = len;
> + vec[0].tot_len = mb->buf_len - rte_pktmbuf_headroom(mb)
> - ofs;
> return 1;
> }
>
> /* data spread across segments */
> vec[0].len = seglen;
> left = len - seglen;
> + vec[0].tot_len = mb->buf_len - rte_pktmbuf_headroom(mb) - ofs;
> for (i = 1, nseg = mb->next; nseg != NULL; nseg = nseg->next, i++) {
>
> vec[i].base = rte_pktmbuf_mtod(nseg, void *);
> @@ -995,6 +999,8 @@ rte_crypto_mbuf_to_vec(const struct rte_mbuf *mb,
> uint32_t ofs, uint32_t len,
> if (left <= seglen) {
> /* whole requested data is completed */
> vec[i].len = left;
> + vec[i].tot_len = mb->buf_len -
> rte_pktmbuf_headroom(mb)
> + - ofs;
> left = 0;
> break;
> }
> @@ -1002,6 +1008,7 @@ rte_crypto_mbuf_to_vec(const struct rte_mbuf
> *mb, uint32_t ofs, uint32_t len,
> /* use whole segment */
> vec[i].len = seglen;
> left -= seglen;
> + vec[i].tot_len = mb->buf_len - rte_pktmbuf_headroom(mb)
> - ofs;
> }
>
> RTE_ASSERT(left == 0);
> --
> 2.17.1
> > From: Gagandeep Singh <g.singh@nxp.com> > > If no next segment available the “for” loop will fail and it still > returns i+1 i.e. 2, which is wrong as it has filled only 1 buffer. > > Fixes: 7adf992fb9bf ("cryptodev: introduce CPU crypto API") > Cc: marcinx.smoczynski@intel.com > Cc: stable@dpdk.org > > Signed-off-by: Gagandeep Singh <g.singh@nxp.com> > --- > lib/cryptodev/rte_crypto_sym.h | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/lib/cryptodev/rte_crypto_sym.h b/lib/cryptodev/rte_crypto_sym.h > index b6a229e263..dc88ad6dcc 100644 > --- a/lib/cryptodev/rte_crypto_sym.h > +++ b/lib/cryptodev/rte_crypto_sym.h > @@ -1004,6 +1004,7 @@ rte_crypto_mbuf_to_vec(const struct rte_mbuf *mb, uint32_t ofs, uint32_t len, > vec[i].tot_len = mb->buf_len - rte_pktmbuf_headroom(mb) > - ofs; > left = 0; > + i++; > break; > } > > @@ -1014,7 +1015,7 @@ rte_crypto_mbuf_to_vec(const struct rte_mbuf *mb, uint32_t ofs, uint32_t len, > } > > RTE_ASSERT(left == 0); > - return i + 1; > + return i; > } > > > -- Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com> > 2.17.1
> The current crypto raw data vectors is extended to support > rte_security usecases, where we need total data length to know > how much additional memory space is available in buffer other > than data length so that driver/HW can write expanded size > data after encryption. > > Signed-off-by: Gagandeep Singh <g.singh@nxp.com> > Acked-by: Akhil Goyal <gakhil@marvell.com> > --- > doc/guides/rel_notes/deprecation.rst | 7 ------- > lib/cryptodev/rte_crypto_sym.h | 7 +++++++ > 2 files changed, 7 insertions(+), 7 deletions(-) > > diff --git a/doc/guides/rel_notes/deprecation.rst b/doc/guides/rel_notes/deprecation.rst > index a4e86b31f5..53155459a0 100644 > --- a/doc/guides/rel_notes/deprecation.rst > +++ b/doc/guides/rel_notes/deprecation.rst > @@ -188,13 +188,6 @@ Deprecation Notices > This field will be null for inplace processing. > This change is targeted for DPDK 21.11. > > -* cryptodev: The structure ``rte_crypto_vec`` would be updated to add > - ``tot_len`` to support total buffer length. > - This is required for security cases like IPsec and PDCP encryption offload > - to know how much additional memory space is available in buffer other than > - data length so that driver/HW can write expanded size data after encryption. > - This change is targeted for DPDK 21.11. > - > * cryptodev: Hide structures ``rte_cryptodev_sym_session`` and > ``rte_cryptodev_asym_session`` to remove unnecessary indirection between > session and the private data of session. An opaque pointer can be exposed > diff --git a/lib/cryptodev/rte_crypto_sym.h b/lib/cryptodev/rte_crypto_sym.h > index dcc0bd5933..6be283e83c 100644 > --- a/lib/cryptodev/rte_crypto_sym.h > +++ b/lib/cryptodev/rte_crypto_sym.h > @@ -37,6 +37,8 @@ struct rte_crypto_vec { > rte_iova_t iova; > /** length of the data buffer */ > uint32_t len; > + /** total buffer length */ > + uint32_t tot_len; > }; > > /** > @@ -980,12 +982,14 @@ rte_crypto_mbuf_to_vec(const struct rte_mbuf *mb, uint32_t ofs, uint32_t len, > seglen = mb->data_len - ofs; > if (len <= seglen) { > vec[0].len = len; > + vec[0].tot_len = mb->buf_len - rte_pktmbuf_headroom(mb) - ofs; > return 1; > } > > /* data spread across segments */ > vec[0].len = seglen; > left = len - seglen; > + vec[0].tot_len = mb->buf_len - rte_pktmbuf_headroom(mb) - ofs; As a nit this line and similar line above can be merged into one and put before 'if' statement above, i.e.: vec[0].base = rte_pktmbuf_mtod_offset(mb, void *, ofs); vec[0].iova = rte_pktmbuf_iova_offset(mb, ofs); vec[0].tot_len = mb->buf_len - rte_pktmbuf_headroom(mb) - ofs; > for (i = 1, nseg = mb->next; nseg != NULL; nseg = nseg->next, i++) { > > vec[i].base = rte_pktmbuf_mtod(nseg, void *); > @@ -995,6 +999,8 @@ rte_crypto_mbuf_to_vec(const struct rte_mbuf *mb, uint32_t ofs, uint32_t len, > if (left <= seglen) { > /* whole requested data is completed */ > vec[i].len = left; > + vec[i].tot_len = mb->buf_len - rte_pktmbuf_headroom(mb) > + - ofs; Same as above - these two lines can be put as one before 'if'. > left = 0; > break; > } > @@ -1002,6 +1008,7 @@ rte_crypto_mbuf_to_vec(const struct rte_mbuf *mb, uint32_t ofs, uint32_t len, > /* use whole segment */ > vec[i].len = seglen; > left -= seglen; > + vec[i].tot_len = mb->buf_len - rte_pktmbuf_headroom(mb) - ofs; > } > > RTE_ASSERT(left == 0); > -- > 2.17.1 With nits above applied: Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Hi Fan On 10/14/2021 6:09 PM, Zhang, Roy Fan wrote: > Hi Hemant, > > I still think it is enough to use rte_crypto_vec as well as > rte_crypto_sym_ofs is enough to describe the data including both the data > and aad. > > Imagine 2 10 bytes segments case, encryption/hash size of 12 and aad of 8. > We will have > struct rte_crypto_vec sgl[2] = {{.base = x, .len = 10}, {.base = y, .len = 10}}; > union rte_crypto_sym_ofs ofs = {.cipher.head = 0, .cipher.tail = 8, .auth.head = 0, .auth.tail = 8}; > > The driver shall understand there are 8 bytes not included for cipher/auth. This is the protocol offload case. It won't work in that case. > > Regards, > Fan > >> -----Original Message----- >> From: Hemant Agrawal <hemant.agrawal@nxp.com> >> Sent: Wednesday, October 13, 2021 8:00 PM >> To: dev@dpdk.org; gakhil@marvell.com >> Cc: Ananyev, Konstantin <konstantin.ananyev@intel.com>; Zhang, Roy Fan >> <roy.fan.zhang@intel.com>; Gagandeep Singh <g.singh@nxp.com> >> Subject: [PATCH v4 02/15] crypto: add total raw buffer length >> >> From: Gagandeep Singh <g.singh@nxp.com> >> >> The current crypto raw data vectors is extended to support >> rte_security usecases, where we need total data length to know >> how much additional memory space is available in buffer other >> than data length so that driver/HW can write expanded size >> data after encryption. >> >> Signed-off-by: Gagandeep Singh <g.singh@nxp.com> >> Acked-by: Akhil Goyal <gakhil@marvell.com> >> --- >> doc/guides/rel_notes/deprecation.rst | 7 ------- >> lib/cryptodev/rte_crypto_sym.h | 7 +++++++ >> 2 files changed, 7 insertions(+), 7 deletions(-) >> >> diff --git a/doc/guides/rel_notes/deprecation.rst >> b/doc/guides/rel_notes/deprecation.rst >> index a4e86b31f5..53155459a0 100644 >> --- a/doc/guides/rel_notes/deprecation.rst >> +++ b/doc/guides/rel_notes/deprecation.rst >> @@ -188,13 +188,6 @@ Deprecation Notices >> This field will be null for inplace processing. >> This change is targeted for DPDK 21.11. >> >> -* cryptodev: The structure ``rte_crypto_vec`` would be updated to add >> - ``tot_len`` to support total buffer length. >> - This is required for security cases like IPsec and PDCP encryption offload >> - to know how much additional memory space is available in buffer other >> than >> - data length so that driver/HW can write expanded size data after >> encryption. >> - This change is targeted for DPDK 21.11. >> - >> * cryptodev: Hide structures ``rte_cryptodev_sym_session`` and >> ``rte_cryptodev_asym_session`` to remove unnecessary indirection >> between >> session and the private data of session. An opaque pointer can be exposed >> diff --git a/lib/cryptodev/rte_crypto_sym.h >> b/lib/cryptodev/rte_crypto_sym.h >> index dcc0bd5933..6be283e83c 100644 >> --- a/lib/cryptodev/rte_crypto_sym.h >> +++ b/lib/cryptodev/rte_crypto_sym.h >> @@ -37,6 +37,8 @@ struct rte_crypto_vec { >> rte_iova_t iova; >> /** length of the data buffer */ >> uint32_t len; >> + /** total buffer length */ >> + uint32_t tot_len; >> }; >> >> /** >> @@ -980,12 +982,14 @@ rte_crypto_mbuf_to_vec(const struct rte_mbuf >> *mb, uint32_t ofs, uint32_t len, >> seglen = mb->data_len - ofs; >> if (len <= seglen) { >> vec[0].len = len; >> + vec[0].tot_len = mb->buf_len - rte_pktmbuf_headroom(mb) >> - ofs; >> return 1; >> } >> >> /* data spread across segments */ >> vec[0].len = seglen; >> left = len - seglen; >> + vec[0].tot_len = mb->buf_len - rte_pktmbuf_headroom(mb) - ofs; >> for (i = 1, nseg = mb->next; nseg != NULL; nseg = nseg->next, i++) { >> >> vec[i].base = rte_pktmbuf_mtod(nseg, void *); >> @@ -995,6 +999,8 @@ rte_crypto_mbuf_to_vec(const struct rte_mbuf *mb, >> uint32_t ofs, uint32_t len, >> if (left <= seglen) { >> /* whole requested data is completed */ >> vec[i].len = left; >> + vec[i].tot_len = mb->buf_len - >> rte_pktmbuf_headroom(mb) >> + - ofs; >> left = 0; >> break; >> } >> @@ -1002,6 +1008,7 @@ rte_crypto_mbuf_to_vec(const struct rte_mbuf >> *mb, uint32_t ofs, uint32_t len, >> /* use whole segment */ >> vec[i].len = seglen; >> left -= seglen; >> + vec[i].tot_len = mb->buf_len - rte_pktmbuf_headroom(mb) >> - ofs; >> } >> >> RTE_ASSERT(left == 0); >> -- >> 2.17.1
> The structure rte_crypto_sym_vec is updated to > add dest_sgl to support out of place processing. > > Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com> > Acked-by: Akhil Goyal <gakhil@marvell.com> > Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com> > --- > doc/guides/rel_notes/deprecation.rst | 5 ----- > lib/cryptodev/rte_crypto_sym.h | 2 ++ > 2 files changed, 2 insertions(+), 5 deletions(-) > > diff --git a/doc/guides/rel_notes/deprecation.rst > b/doc/guides/rel_notes/deprecation.rst > index 53155459a0..581ee21449 100644 > --- a/doc/guides/rel_notes/deprecation.rst > +++ b/doc/guides/rel_notes/deprecation.rst > @@ -183,11 +183,6 @@ Deprecation Notices > has a limited size ``uint16_t``. > It will be moved and extended as ``uint32_t`` in DPDK 21.11. > > -* cryptodev: The structure ``rte_crypto_sym_vec`` would be updated to add > - ``dest_sgl`` to support out of place processing. > - This field will be null for inplace processing. > - This change is targeted for DPDK 21.11. > - Corresponding release notes update missing. > * cryptodev: Hide structures ``rte_cryptodev_sym_session`` and > ``rte_cryptodev_asym_session`` to remove unnecessary indirection > between > session and the private data of session. An opaque pointer can be exposed > diff --git a/lib/cryptodev/rte_crypto_sym.h > b/lib/cryptodev/rte_crypto_sym.h > index 6be283e83c..b6a229e263 100644 > --- a/lib/cryptodev/rte_crypto_sym.h > +++ b/lib/cryptodev/rte_crypto_sym.h > @@ -72,6 +72,8 @@ struct rte_crypto_sym_vec { > uint32_t num; > /** array of SGL vectors */ > struct rte_crypto_sgl *src_sgl; > + /** array of SGL vectors for OOP, keep it NULL for inplace*/ > + struct rte_crypto_sgl *dest_sgl; > /** array of pointers to cipher IV */ > struct rte_crypto_va_iova_ptr *iv; > /** array of pointers to digest */ > -- > 2.17.1