Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/58864/?format=api
{ "id": 58864, "url": "http://patches.dpdk.org/api/patches/58864/?format=api", "web_url": "http://patches.dpdk.org/project/dpdk/patch/20190906131330.40185-3-roy.fan.zhang@intel.com/", "project": { "id": 1, "url": "http://patches.dpdk.org/api/projects/1/?format=api", "name": "DPDK", "link_name": "dpdk", "list_id": "dev.dpdk.org", "list_email": "dev@dpdk.org", "web_url": "http://core.dpdk.org", "scm_url": "git://dpdk.org/dpdk", "webscm_url": "http://git.dpdk.org/dpdk", "list_archive_url": "https://inbox.dpdk.org/dev", "list_archive_url_format": "https://inbox.dpdk.org/dev/{}", "commit_url_format": "" }, "msgid": "<20190906131330.40185-3-roy.fan.zhang@intel.com>", "list_archive_url": "https://inbox.dpdk.org/dev/20190906131330.40185-3-roy.fan.zhang@intel.com", "date": "2019-09-06T13:13:22", "name": "[02/10] crypto/aesni_gcm: add rte_security handler", "commit_ref": null, "pull_url": null, "state": "changes-requested", "archived": true, "hash": "86650800fe88ac20efe61da4ba94663b0855ea50", "submitter": { "id": 304, "url": "http://patches.dpdk.org/api/people/304/?format=api", "name": "Fan Zhang", "email": "roy.fan.zhang@intel.com" }, "delegate": { "id": 6690, "url": "http://patches.dpdk.org/api/users/6690/?format=api", "username": "akhil", "first_name": "akhil", "last_name": "goyal", "email": "gakhil@marvell.com" }, "mbox": "http://patches.dpdk.org/project/dpdk/patch/20190906131330.40185-3-roy.fan.zhang@intel.com/mbox/", "series": [ { "id": 6303, "url": "http://patches.dpdk.org/api/series/6303/?format=api", "web_url": "http://patches.dpdk.org/project/dpdk/list/?series=6303", "date": "2019-09-06T13:13:20", "name": "security: add software synchronous crypto process", "version": 1, "mbox": "http://patches.dpdk.org/series/6303/mbox/" } ], "comments": "http://patches.dpdk.org/api/patches/58864/comments/", "check": "success", "checks": "http://patches.dpdk.org/api/patches/58864/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<dev-bounces@dpdk.org>", "X-Original-To": "patchwork@dpdk.org", "Delivered-To": "patchwork@dpdk.org", "Received": [ "from [92.243.14.124] (localhost [127.0.0.1])\n\tby dpdk.org (Postfix) with ESMTP id BC8801F388;\n\tFri, 6 Sep 2019 15:13:41 +0200 (CEST)", "from mga18.intel.com (mga18.intel.com [134.134.136.126])\n\tby dpdk.org (Postfix) with ESMTP id 6E4821F379\n\tfor <dev@dpdk.org>; Fri, 6 Sep 2019 15:13:38 +0200 (CEST)", "from fmsmga002.fm.intel.com ([10.253.24.26])\n\tby orsmga106.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;\n\t06 Sep 2019 06:13:37 -0700", "from silpixa00398673.ir.intel.com (HELO\n\tsilpixa00398673.ger.corp.intel.com) ([10.237.223.136])\n\tby fmsmga002.fm.intel.com with ESMTP; 06 Sep 2019 06:13:36 -0700" ], "X-Amp-Result": "SKIPPED(no attachment in message)", "X-Amp-File-Uploaded": "False", "X-ExtLoop1": "1", "X-IronPort-AV": "E=Sophos;i=\"5.64,473,1559545200\"; d=\"scan'208\";a=\"213140721\"", "From": "Fan Zhang <roy.fan.zhang@intel.com>", "To": "dev@dpdk.org", "Cc": "konstantin.ananyev@intel.com, declan.doherty@intel.com,\n\takhil.goyal@nxp.com, Fan Zhang <roy.fan.zhang@intel.com>", "Date": "Fri, 6 Sep 2019 14:13:22 +0100", "Message-Id": "<20190906131330.40185-3-roy.fan.zhang@intel.com>", "X-Mailer": "git-send-email 2.14.5", "In-Reply-To": "<20190906131330.40185-1-roy.fan.zhang@intel.com>", "References": "<20190903154046.55992-1-roy.fan.zhang@intel.com>\n\t<20190906131330.40185-1-roy.fan.zhang@intel.com>", "Subject": "[dpdk-dev] [PATCH 02/10] crypto/aesni_gcm: add rte_security handler", "X-BeenThere": "dev@dpdk.org", "X-Mailman-Version": "2.1.15", "Precedence": "list", "List-Id": "DPDK patches and discussions <dev.dpdk.org>", "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n\t<mailto:dev-request@dpdk.org?subject=unsubscribe>", "List-Archive": "<http://mails.dpdk.org/archives/dev/>", "List-Post": "<mailto:dev@dpdk.org>", "List-Help": "<mailto:dev-request@dpdk.org?subject=help>", "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n\t<mailto:dev-request@dpdk.org?subject=subscribe>", "Errors-To": "dev-bounces@dpdk.org", "Sender": "\"dev\" <dev-bounces@dpdk.org>" }, "content": "This patch add rte_security support support to AESNI-GCM PMD. The PMD now\ninitialize security context instance, create/delete PMD specific security\nsessions, and process crypto workloads in synchronous mode with\nscatter-gather list buffer supported.\n\nSigned-off-by: Fan Zhang <roy.fan.zhang@intel.com>\n---\n drivers/crypto/aesni_gcm/aesni_gcm_pmd.c | 91 ++++++++++++++++++++++-\n drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c | 95 ++++++++++++++++++++++++\n drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h | 23 ++++++\n 3 files changed, 208 insertions(+), 1 deletion(-)", "diff": "diff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c\nindex 1006a5c4d..0a346eddd 100644\n--- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c\n+++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd.c\n@@ -6,6 +6,7 @@\n #include <rte_hexdump.h>\n #include <rte_cryptodev.h>\n #include <rte_cryptodev_pmd.h>\n+#include <rte_security_driver.h>\n #include <rte_bus_vdev.h>\n #include <rte_malloc.h>\n #include <rte_cpuflags.h>\n@@ -174,6 +175,56 @@ aesni_gcm_get_session(struct aesni_gcm_qp *qp, struct rte_crypto_op *op)\n \treturn sess;\n }\n \n+static __rte_always_inline int\n+process_gcm_security_sgl_buf(struct aesni_gcm_security_session *sess,\n+\t\tstruct rte_security_vec *buf, uint8_t *iv,\n+\t\tuint8_t *aad, uint8_t *digest)\n+{\n+\tstruct aesni_gcm_session *session = &sess->sess;\n+\tuint8_t *tag;\n+\tuint32_t i;\n+\n+\tsess->init(&session->gdata_key, &sess->gdata_ctx, iv, aad,\n+\t\t\t(uint64_t)session->aad_length);\n+\n+\tfor (i = 0; i < buf->num; i++) {\n+\t\tstruct iovec *vec = &buf->vec[i];\n+\n+\t\tsess->update(&session->gdata_key, &sess->gdata_ctx,\n+\t\t\t\tvec->iov_base, vec->iov_base, vec->iov_len);\n+\t}\n+\n+\tswitch (session->op) {\n+\tcase AESNI_GCM_OP_AUTHENTICATED_ENCRYPTION:\n+\t\tif (session->req_digest_length != session->gen_digest_length)\n+\t\t\ttag = sess->temp_digest;\n+\t\telse\n+\t\t\ttag = digest;\n+\n+\t\tsess->finalize(&session->gdata_key, &sess->gdata_ctx, tag,\n+\t\t\t\tsession->gen_digest_length);\n+\n+\t\tif (session->req_digest_length != session->gen_digest_length)\n+\t\t\tmemcpy(digest, sess->temp_digest,\n+\t\t\t\t\tsession->req_digest_length);\n+\t\tbreak;\n+\n+\tcase AESNI_GCM_OP_AUTHENTICATED_DECRYPTION:\n+\t\ttag = sess->temp_digest;\n+\n+\t\tsess->finalize(&session->gdata_key, &sess->gdata_ctx, tag,\n+\t\t\t\tsession->gen_digest_length);\n+\n+\t\tif (memcmp(tag, digest,\tsession->req_digest_length) != 0)\n+\t\t\treturn -1;\n+\t\tbreak;\n+\tdefault:\n+\t\treturn -1;\n+\t}\n+\n+\treturn 0;\n+}\n+\n /**\n * Process a crypto operation, calling\n * the GCM API from the multi buffer library.\n@@ -488,8 +539,10 @@ aesni_gcm_create(const char *name,\n {\n \tstruct rte_cryptodev *dev;\n \tstruct aesni_gcm_private *internals;\n+\tstruct rte_security_ctx *sec_ctx;\n \tenum aesni_gcm_vector_mode vector_mode;\n \tMB_MGR *mb_mgr;\n+\tchar sec_name[RTE_DEV_NAME_MAX_LEN];\n \n \t/* Check CPU for support for AES instruction set */\n \tif (!rte_cpu_get_flag_enabled(RTE_CPUFLAG_AES)) {\n@@ -524,7 +577,8 @@ aesni_gcm_create(const char *name,\n \t\t\tRTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING |\n \t\t\tRTE_CRYPTODEV_FF_CPU_AESNI |\n \t\t\tRTE_CRYPTODEV_FF_OOP_SGL_IN_LB_OUT |\n-\t\t\tRTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT;\n+\t\t\tRTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT |\n+\t\t\tRTE_CRYPTODEV_FF_SECURITY;\n \n \tmb_mgr = alloc_mb_mgr(0);\n \tif (mb_mgr == NULL)\n@@ -587,6 +641,21 @@ aesni_gcm_create(const char *name,\n \n \tinternals->max_nb_queue_pairs = init_params->max_nb_queue_pairs;\n \n+\t/* setup security operations */\n+\tsnprintf(sec_name, sizeof(sec_name) - 1, \"aes_gcm_sec_%u\",\n+\t\t\tdev->driver_id);\n+\tsec_ctx = rte_zmalloc_socket(sec_name,\n+\t\t\tsizeof(struct rte_security_ctx),\n+\t\t\tRTE_CACHE_LINE_SIZE, init_params->socket_id);\n+\tif (sec_ctx == NULL) {\n+\t\tAESNI_GCM_LOG(ERR, \"memory allocation failed\\n\");\n+\t\tgoto error_exit;\n+\t}\n+\n+\tsec_ctx->device = (void *)dev;\n+\tsec_ctx->ops = rte_aesni_gcm_pmd_security_ops;\n+\tdev->security_ctx = sec_ctx;\n+\n #if IMB_VERSION_NUM >= IMB_VERSION(0, 50, 0)\n \tAESNI_GCM_LOG(INFO, \"IPSec Multi-buffer library version used: %s\\n\",\n \t\t\timb_get_version_str());\n@@ -641,6 +710,8 @@ aesni_gcm_remove(struct rte_vdev_device *vdev)\n \tif (cryptodev == NULL)\n \t\treturn -ENODEV;\n \n+\trte_free(cryptodev->security_ctx);\n+\n \tinternals = cryptodev->data->dev_private;\n \n \tfree_mb_mgr(internals->mb_mgr);\n@@ -648,6 +719,24 @@ aesni_gcm_remove(struct rte_vdev_device *vdev)\n \treturn rte_cryptodev_pmd_destroy(cryptodev);\n }\n \n+void\n+aesni_gcm_sec_crypto_process_bulk(struct rte_security_session *sess,\n+\t\tstruct rte_security_vec buf[], void *iv[], void *aad[],\n+\t\tvoid *digest[], int status[], uint32_t num)\n+{\n+\tstruct aesni_gcm_security_session *session =\n+\t\t\tget_sec_session_private_data(sess);\n+\tuint32_t i;\n+\n+\tif (unlikely(!session))\n+\t\treturn;\n+\n+\tfor (i = 0; i < num; i++)\n+\t\tstatus[i] = process_gcm_security_sgl_buf(session, &buf[i],\n+\t\t\t\t(uint8_t *)iv[i], (uint8_t *)aad[i],\n+\t\t\t\t(uint8_t *)digest[i]);\n+}\n+\n static struct rte_vdev_driver aesni_gcm_pmd_drv = {\n \t.probe = aesni_gcm_probe,\n \t.remove = aesni_gcm_remove\ndiff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c\nindex 2f66c7c58..cc71dbd60 100644\n--- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c\n+++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c\n@@ -7,6 +7,7 @@\n #include <rte_common.h>\n #include <rte_malloc.h>\n #include <rte_cryptodev_pmd.h>\n+#include <rte_security_driver.h>\n \n #include \"aesni_gcm_pmd_private.h\"\n \n@@ -316,6 +317,85 @@ aesni_gcm_pmd_sym_session_clear(struct rte_cryptodev *dev,\n \t}\n }\n \n+static int\n+aesni_gcm_security_session_create(void *dev,\n+\t\tstruct rte_security_session_conf *conf,\n+\t\tstruct rte_security_session *sess,\n+\t\tstruct rte_mempool *mempool)\n+{\n+\tstruct rte_cryptodev *cdev = dev;\n+\tstruct aesni_gcm_private *internals = cdev->data->dev_private;\n+\tstruct aesni_gcm_security_session *sess_priv;\n+\tint ret;\n+\n+\tif (!conf->crypto_xform) {\n+\t\tAESNI_GCM_LOG(ERR, \"Invalid security session conf\");\n+\t\treturn -EINVAL;\n+\t}\n+\n+\tif (conf->crypto_xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) {\n+\t\tAESNI_GCM_LOG(ERR, \"GMAC is not supported in security session\");\n+\t\treturn -EINVAL;\n+\t}\n+\n+\n+\tif (rte_mempool_get(mempool, (void **)(&sess_priv))) {\n+\t\tAESNI_GCM_LOG(ERR,\n+\t\t\t\t\"Couldn't get object from session mempool\");\n+\t\treturn -ENOMEM;\n+\t}\n+\n+\tret = aesni_gcm_set_session_parameters(internals->ops,\n+\t\t\t\t&sess_priv->sess, conf->crypto_xform);\n+\tif (ret != 0) {\n+\t\tAESNI_GCM_LOG(ERR, \"Failed configure session parameters\");\n+\n+\t\t/* Return session to mempool */\n+\t\trte_mempool_put(mempool, (void *)sess_priv);\n+\t\treturn ret;\n+\t}\n+\n+\tsess_priv->pre = internals->ops[sess_priv->sess.key].pre;\n+\tsess_priv->init = internals->ops[sess_priv->sess.key].init;\n+\tif (sess_priv->sess.op == AESNI_GCM_OP_AUTHENTICATED_ENCRYPTION) {\n+\t\tsess_priv->update =\n+\t\t\tinternals->ops[sess_priv->sess.key].update_enc;\n+\t\tsess_priv->finalize =\n+\t\t\tinternals->ops[sess_priv->sess.key].finalize_enc;\n+\t} else {\n+\t\tsess_priv->update =\n+\t\t\tinternals->ops[sess_priv->sess.key].update_dec;\n+\t\tsess_priv->finalize =\n+\t\t\tinternals->ops[sess_priv->sess.key].finalize_dec;\n+\t}\n+\n+\tsess->sess_private_data = sess_priv;\n+\n+\treturn 0;\n+}\n+\n+static int\n+aesni_gcm_security_session_destroy(void *dev __rte_unused,\n+\t\tstruct rte_security_session *sess)\n+{\n+\tvoid *sess_priv = get_sec_session_private_data(sess);\n+\n+\tif (sess_priv) {\n+\t\tstruct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);\n+\n+\t\tmemset(sess, 0, sizeof(struct aesni_gcm_security_session));\n+\t\tset_sec_session_private_data(sess, NULL);\n+\t\trte_mempool_put(sess_mp, sess_priv);\n+\t}\n+\treturn 0;\n+}\n+\n+static unsigned int\n+aesni_gcm_sec_session_get_size(__rte_unused void *device)\n+{\n+\treturn sizeof(struct aesni_gcm_security_session);\n+}\n+\n struct rte_cryptodev_ops aesni_gcm_pmd_ops = {\n \t\t.dev_configure\t\t= aesni_gcm_pmd_config,\n \t\t.dev_start\t\t= aesni_gcm_pmd_start,\n@@ -336,4 +416,19 @@ struct rte_cryptodev_ops aesni_gcm_pmd_ops = {\n \t\t.sym_session_clear\t= aesni_gcm_pmd_sym_session_clear\n };\n \n+static struct rte_security_ops aesni_gcm_security_ops = {\n+\t\t.session_create = aesni_gcm_security_session_create,\n+\t\t.session_get_size = aesni_gcm_sec_session_get_size,\n+\t\t.session_update = NULL,\n+\t\t.session_stats_get = NULL,\n+\t\t.session_destroy = aesni_gcm_security_session_destroy,\n+\t\t.set_pkt_metadata = NULL,\n+\t\t.capabilities_get = NULL,\n+\t\t.process_cpu_crypto_bulk =\n+\t\t\t\taesni_gcm_sec_crypto_process_bulk,\n+};\n+\n struct rte_cryptodev_ops *rte_aesni_gcm_pmd_ops = &aesni_gcm_pmd_ops;\n+\n+struct rte_security_ops *rte_aesni_gcm_pmd_security_ops =\n+\t\t&aesni_gcm_security_ops;\ndiff --git a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h\nindex 56b29e013..8e490b6ce 100644\n--- a/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h\n+++ b/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h\n@@ -114,5 +114,28 @@ aesni_gcm_set_session_parameters(const struct aesni_gcm_ops *ops,\n * Device specific operations function pointer structure */\n extern struct rte_cryptodev_ops *rte_aesni_gcm_pmd_ops;\n \n+/**\n+ * Security session structure.\n+ */\n+struct aesni_gcm_security_session {\n+\t/** Temp digest for decryption */\n+\tuint8_t temp_digest[DIGEST_LENGTH_MAX];\n+\t/** GCM operations */\n+\taesni_gcm_pre_t pre;\n+\taesni_gcm_init_t init;\n+\taesni_gcm_update_t update;\n+\taesni_gcm_finalize_t finalize;\n+\t/** AESNI-GCM session */\n+\tstruct aesni_gcm_session sess;\n+\t/** AESNI-GCM context */\n+\tstruct gcm_context_data gdata_ctx;\n+};\n+\n+extern void\n+aesni_gcm_sec_crypto_process_bulk(struct rte_security_session *sess,\n+\t\tstruct rte_security_vec buf[], void *iv[], void *aad[],\n+\t\tvoid *digest[], int status[], uint32_t num);\n+\n+extern struct rte_security_ops *rte_aesni_gcm_pmd_security_ops;\n \n #endif /* _RTE_AESNI_GCM_PMD_PRIVATE_H_ */\n", "prefixes": [ "02/10" ] }