[v3,1/6] cryptodev: introduce cpu crypto support API
Checks
Commit Message
Add new API allowing to process crypto operations in a synchronous
manner. Operations are performed on a set of SG arrays.
Sync mode is selected by setting appropriate flag in an xform
type number. Cryptodevs which allows CPU crypto operation mode have to
use RTE_CRYPTODEV_FF_SYM_CPU_CRYPTO capability.
Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Signed-off-by: Marcin Smoczynski <marcinx.smoczynski@intel.com>
---
lib/librte_cryptodev/rte_crypto_sym.h | 62 ++++++++++++++++++-
lib/librte_cryptodev/rte_cryptodev.c | 30 +++++++++
lib/librte_cryptodev/rte_cryptodev.h | 20 ++++++
lib/librte_cryptodev/rte_cryptodev_pmd.h | 19 ++++++
.../rte_cryptodev_version.map | 1 +
5 files changed, 131 insertions(+), 1 deletion(-)
Comments
Hi Marcin,
> Add new API allowing to process crypto operations in a synchronous
> manner. Operations are performed on a set of SG arrays.
>
> Sync mode is selected by setting appropriate flag in an xform
> type number. Cryptodevs which allows CPU crypto operation mode have to
> use RTE_CRYPTODEV_FF_SYM_CPU_CRYPTO capability.
>
> Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
> Signed-off-by: Marcin Smoczynski <marcinx.smoczynski@intel.com>
> ---
> lib/librte_cryptodev/rte_crypto_sym.h | 62 ++++++++++++++++++-
> lib/librte_cryptodev/rte_cryptodev.c | 30 +++++++++
> lib/librte_cryptodev/rte_cryptodev.h | 20 ++++++
> lib/librte_cryptodev/rte_cryptodev_pmd.h | 19 ++++++
> .../rte_cryptodev_version.map | 1 +
> 5 files changed, 131 insertions(+), 1 deletion(-)
>
> diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
> index ffa038dc4..f5dd05ab0 100644
> --- a/lib/librte_cryptodev/rte_crypto_sym.h
> +++ b/lib/librte_cryptodev/rte_crypto_sym.h
> @@ -25,6 +25,59 @@ extern "C" {
> #include <rte_mempool.h>
> #include <rte_common.h>
>
> +/**
> + * Crypto IO Vector (in analogy with struct iovec)
> + * Supposed be used to pass input/output data buffers for crypto data-path
> + * functions.
> + */
> +struct rte_crypto_vec {
> + /** virtual address of the data buffer */
> + void *base;
> + /** IOVA of the data buffer */
> + rte_iova_t *iova;
> + /** length of the data buffer */
> + uint32_t len;
> +};
> +
> +struct rte_crypto_sgl {
> + /** start of an array of vectors */
> + struct rte_crypto_vec *vec;
> + /** size of an array of vectors */
> + uint32_t num;
> +};
> +
> +struct rte_crypto_sym_vec {
> + /** array of SGL vectors */
> + struct rte_crypto_sgl *sgl;
> + /** array of pointers to IV */
> + void **iv;
> + /** array of pointers to AAD */
> + void **aad;
> + /** array of pointers to digest */
> + void **digest;
> + /**
> + * array of statuses for each operation:
> + * - 0 on success
> + * - errno on error
> + */
> + int32_t *status;
> + /** number of operations to perform */
> + uint32_t num;
> +};
> +
> +/**
> + * used for cpu_crypto_process_bulk() to specify head/tail offsets
> + * for auth/cipher processing.
> + */
> +union rte_crypto_sym_ofs {
> + uint64_t raw;
> + struct {
> + struct {
> + uint16_t head;
> + uint16_t tail;
> + } auth, cipher;
> + } ofs;
> +};
>
> /** Symmetric Cipher Algorithms */
> enum rte_crypto_cipher_algorithm {
> @@ -425,7 +478,14 @@ enum rte_crypto_sym_xform_type {
> RTE_CRYPTO_SYM_XFORM_NOT_SPECIFIED = 0, /**< No xform specified */
> RTE_CRYPTO_SYM_XFORM_AUTH, /**< Authentication xform */
> RTE_CRYPTO_SYM_XFORM_CIPHER, /**< Cipher xform */
> - RTE_CRYPTO_SYM_XFORM_AEAD /**< AEAD xform */
> + RTE_CRYPTO_SYM_XFORM_AEAD, /**< AEAD xform */
> +
> + RTE_CRYPTO_SYM_XFORM_TYPE_MASK = 0xFFFF,
> + /**< xform type mask value */
> + RTE_CRYPTO_SYM_XFORM_FLAG_MASK = 0xFFFF0000,
> + /**< xform flag mask value */
> + RTE_CRYPTO_SYM_CPU_CRYPTO = 0x80000000,
> + /**< xform flag for cpu-crypto */
We probably can avoid that.
Instead just expect each PMD that does provide FF_SYM_CPU_CRYPTO capability
to always create session that is capable to work in both modes (sync/async).
Apart from that - LGTM.
Konstantin
> };
>
> /**
> diff --git a/lib/librte_cryptodev/rte_cryptodev.c b/lib/librte_cryptodev/rte_cryptodev.c
> index 89aa2ed3e..157fda890 100644
> --- a/lib/librte_cryptodev/rte_cryptodev.c
> +++ b/lib/librte_cryptodev/rte_cryptodev.c
> @@ -1616,6 +1616,36 @@ rte_cryptodev_sym_session_get_user_data(
> return (void *)(sess->sess_data + sess->nb_drivers);
> }
>
> +static inline void
> +sym_crypto_fill_status(struct rte_crypto_sym_vec *vec, int32_t errnum)
> +{
> + uint32_t i;
> + for (i = 0; i < vec->num; i++)
> + vec->status[i] = errnum;
> +}
> +
> +uint32_t
> +rte_cryptodev_sym_cpu_crypto_process(uint8_t dev_id,
> + struct rte_cryptodev_sym_session *sess, union rte_crypto_sym_ofs ofs,
> + struct rte_crypto_sym_vec *vec)
> +{
> + struct rte_cryptodev *dev;
> +
> + if (!rte_cryptodev_pmd_is_valid_dev(dev_id)) {
> + sym_crypto_fill_status(vec, EINVAL);
> + return 0;
> + }
> +
> + dev = rte_cryptodev_pmd_get_dev(dev_id);
> +
> + if (*dev->dev_ops->sym_cpu_process == NULL) {
> + sym_crypto_fill_status(vec, ENOTSUP);
> + return 0;
> + }
> +
> + return dev->dev_ops->sym_cpu_process(dev, sess, ofs, vec);
> +}
> +
> /** Initialise rte_crypto_op mempool element */
> static void
> rte_crypto_op_init(struct rte_mempool *mempool,
> diff --git a/lib/librte_cryptodev/rte_cryptodev.h b/lib/librte_cryptodev/rte_cryptodev.h
> index c6ffa3b35..8786dfb90 100644
> --- a/lib/librte_cryptodev/rte_cryptodev.h
> +++ b/lib/librte_cryptodev/rte_cryptodev.h
> @@ -450,6 +450,8 @@ rte_cryptodev_asym_get_xform_enum(enum rte_crypto_asym_xform_type *xform_enum,
> /**< Support encrypted-digest operations where digest is appended to data */
> #define RTE_CRYPTODEV_FF_ASYM_SESSIONLESS (1ULL << 20)
> /**< Support asymmetric session-less operations */
> +#define RTE_CRYPTODEV_FF_SYM_CPU_CRYPTO (1ULL << 21)
> +/**< Support symmeteric cpu-crypto processing */
>
>
> /**
> @@ -1274,6 +1276,24 @@ void *
> rte_cryptodev_sym_session_get_user_data(
> struct rte_cryptodev_sym_session *sess);
>
> +/**
> + * Perform actual crypto processing (encrypt/digest or auth/decrypt)
> + * on user provided data.
> + *
> + * @param dev_id The device identifier.
> + * @param sess Cryptodev session structure
> + * @param ofs Start and stop offsets for auth and cipher operations
> + * @param vec Vectorized operation descriptor
> + *
> + * @return
> + * - Returns number of successfully processed packets.
> + */
> +__rte_experimental
> +uint32_t
> +rte_cryptodev_sym_cpu_crypto_process(uint8_t dev_id,
> + struct rte_cryptodev_sym_session *sess, union rte_crypto_sym_ofs ofs,
> + struct rte_crypto_sym_vec *vec);
> +
> #ifdef __cplusplus
> }
> #endif
> diff --git a/lib/librte_cryptodev/rte_cryptodev_pmd.h b/lib/librte_cryptodev/rte_cryptodev_pmd.h
> index fba14f2fa..5d9ee5fef 100644
> --- a/lib/librte_cryptodev/rte_cryptodev_pmd.h
> +++ b/lib/librte_cryptodev/rte_cryptodev_pmd.h
> @@ -308,6 +308,23 @@ typedef void (*cryptodev_sym_free_session_t)(struct rte_cryptodev *dev,
> */
> typedef void (*cryptodev_asym_free_session_t)(struct rte_cryptodev *dev,
> struct rte_cryptodev_asym_session *sess);
> +/**
> + * Perform actual crypto processing (encrypt/digest or auth/decrypt)
> + * on user provided data.
> + *
> + * @param dev Crypto device pointer
> + * @param sess Cryptodev session structure
> + * @param ofs Start and stop offsets for auth and cipher operations
> + * @param vec Vectorized operation descriptor
> + *
> + * @return
> + * - Returns number of successfully processed packets.
> + *
> + */
> +typedef uint32_t (*cryptodev_sym_cpu_crypto_process_t)
> + (struct rte_cryptodev *dev, struct rte_cryptodev_sym_session *sess,
> + union rte_crypto_sym_ofs ofs, struct rte_crypto_sym_vec *vec);
> +
>
> /** Crypto device operations function pointer table */
> struct rte_cryptodev_ops {
> @@ -342,6 +359,8 @@ struct rte_cryptodev_ops {
> /**< Clear a Crypto sessions private data. */
> cryptodev_asym_free_session_t asym_session_clear;
> /**< Clear a Crypto sessions private data. */
> + cryptodev_sym_cpu_crypto_process_t sym_cpu_process;
> + /**< process input data synchronously (cpu-crypto). */
> };
>
>
> diff --git a/lib/librte_cryptodev/rte_cryptodev_version.map b/lib/librte_cryptodev/rte_cryptodev_version.map
> index 1dd1e259a..6e41b4be5 100644
> --- a/lib/librte_cryptodev/rte_cryptodev_version.map
> +++ b/lib/librte_cryptodev/rte_cryptodev_version.map
> @@ -71,6 +71,7 @@ EXPERIMENTAL {
> rte_cryptodev_asym_session_init;
> rte_cryptodev_asym_xform_capability_check_modlen;
> rte_cryptodev_asym_xform_capability_check_optype;
> + rte_cryptodev_sym_cpu_crypto_process;
> rte_cryptodev_sym_get_existing_header_session_size;
> rte_cryptodev_sym_session_get_user_data;
> rte_cryptodev_sym_session_pool_create;
> --
> 2.17.1
Hi Marcin,
> -----Original Message-----
> From: Smoczynski, MarcinX <marcinx.smoczynski@intel.com>
> Sent: Wednesday, January 15, 2020 6:28 PM
> To: akhil.goyal@nxp.com; Ananyev, Konstantin
> <konstantin.ananyev@intel.com>; Zhang, Roy Fan
> <roy.fan.zhang@intel.com>; Doherty, Declan <declan.doherty@intel.com>;
> Nicolau, Radu <radu.nicolau@intel.com>
> Cc: dev@dpdk.org; Smoczynski, MarcinX <marcinx.smoczynski@intel.com>
> Subject: [PATCH v3 1/6] cryptodev: introduce cpu crypto support API
>
> Add new API allowing to process crypto operations in a synchronous manner.
> Operations are performed on a set of SG arrays.
>
> Sync mode is selected by setting appropriate flag in an xform type number.
> Cryptodevs which allows CPU crypto operation mode have to use
> RTE_CRYPTODEV_FF_SYM_CPU_CRYPTO capability.
>
> Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
> Signed-off-by: Marcin Smoczynski <marcinx.smoczynski@intel.com>
> ---
> lib/librte_cryptodev/rte_crypto_sym.h | 62 ++++++++++++++++++-
> lib/librte_cryptodev/rte_cryptodev.c | 30 +++++++++
> lib/librte_cryptodev/rte_cryptodev.h | 20 ++++++
> lib/librte_cryptodev/rte_cryptodev_pmd.h | 19 ++++++
> .../rte_cryptodev_version.map | 1 +
> 5 files changed, 131 insertions(+), 1 deletion(-)
>
> diff --git a/lib/librte_cryptodev/rte_crypto_sym.h
> b/lib/librte_cryptodev/rte_crypto_sym.h
> index ffa038dc4..f5dd05ab0 100644
> --- a/lib/librte_cryptodev/rte_crypto_sym.h
> +++ b/lib/librte_cryptodev/rte_crypto_sym.h
> @@ -25,6 +25,59 @@ extern "C" {
> #include <rte_mempool.h>
> #include <rte_common.h>
>
> +/**
> + * Crypto IO Vector (in analogy with struct iovec)
> + * Supposed be used to pass input/output data buffers for crypto
> +data-path
> + * functions.
> + */
> +struct rte_crypto_vec {
> + /** virtual address of the data buffer */
> + void *base;
> + /** IOVA of the data buffer */
> + rte_iova_t *iova;
> + /** length of the data buffer */
> + uint32_t len;
> +};
> +
> +struct rte_crypto_sgl {
> + /** start of an array of vectors */
> + struct rte_crypto_vec *vec;
> + /** size of an array of vectors */
> + uint32_t num;
> +};
> +
> +struct rte_crypto_sym_vec {
> + /** array of SGL vectors */
> + struct rte_crypto_sgl *sgl;
> + /** array of pointers to IV */
> + void **iv;
> + /** array of pointers to AAD */
> + void **aad;
> + /** array of pointers to digest */
> + void **digest;
> + /**
> + * array of statuses for each operation:
> + * - 0 on success
> + * - errno on error
> + */
> + int32_t *status;
> + /** number of operations to perform */
> + uint32_t num;
> +};
> +
> +/**
> + * used for cpu_crypto_process_bulk() to specify head/tail offsets
> + * for auth/cipher processing.
> + */
> +union rte_crypto_sym_ofs {
> + uint64_t raw;
> + struct {
> + struct {
> + uint16_t head;
> + uint16_t tail;
> + } auth, cipher;
> + } ofs;
> +};
>
> /** Symmetric Cipher Algorithms */
> enum rte_crypto_cipher_algorithm {
> @@ -425,7 +478,14 @@ enum rte_crypto_sym_xform_type {
> RTE_CRYPTO_SYM_XFORM_NOT_SPECIFIED = 0, /**< No
> xform specified */
> RTE_CRYPTO_SYM_XFORM_AUTH, /**< Authentication
> xform */
> RTE_CRYPTO_SYM_XFORM_CIPHER, /**< Cipher xform */
> - RTE_CRYPTO_SYM_XFORM_AEAD /**< AEAD xform */
> + RTE_CRYPTO_SYM_XFORM_AEAD, /**< AEAD xform */
> +
> + RTE_CRYPTO_SYM_XFORM_TYPE_MASK = 0xFFFF,
> + /**< xform type mask value */
> + RTE_CRYPTO_SYM_XFORM_FLAG_MASK = 0xFFFF0000,
> + /**< xform flag mask value */
> + RTE_CRYPTO_SYM_CPU_CRYPTO = 0x80000000,
> + /**< xform flag for cpu-crypto */
> };
>
Fan: what I believe RTE_CRYPTO_SYM_XFORM_TYPE_MASK and RTE_CRYPTO_SYM_XFORM_FLAG_MASK should be define outside the enum, but as a marco define. Also I think we missed a doc update patch in the patchset.
Other than that everything looks great.
@@ -25,6 +25,59 @@ extern "C" {
#include <rte_mempool.h>
#include <rte_common.h>
+/**
+ * Crypto IO Vector (in analogy with struct iovec)
+ * Supposed be used to pass input/output data buffers for crypto data-path
+ * functions.
+ */
+struct rte_crypto_vec {
+ /** virtual address of the data buffer */
+ void *base;
+ /** IOVA of the data buffer */
+ rte_iova_t *iova;
+ /** length of the data buffer */
+ uint32_t len;
+};
+
+struct rte_crypto_sgl {
+ /** start of an array of vectors */
+ struct rte_crypto_vec *vec;
+ /** size of an array of vectors */
+ uint32_t num;
+};
+
+struct rte_crypto_sym_vec {
+ /** array of SGL vectors */
+ struct rte_crypto_sgl *sgl;
+ /** array of pointers to IV */
+ void **iv;
+ /** array of pointers to AAD */
+ void **aad;
+ /** array of pointers to digest */
+ void **digest;
+ /**
+ * array of statuses for each operation:
+ * - 0 on success
+ * - errno on error
+ */
+ int32_t *status;
+ /** number of operations to perform */
+ uint32_t num;
+};
+
+/**
+ * used for cpu_crypto_process_bulk() to specify head/tail offsets
+ * for auth/cipher processing.
+ */
+union rte_crypto_sym_ofs {
+ uint64_t raw;
+ struct {
+ struct {
+ uint16_t head;
+ uint16_t tail;
+ } auth, cipher;
+ } ofs;
+};
/** Symmetric Cipher Algorithms */
enum rte_crypto_cipher_algorithm {
@@ -425,7 +478,14 @@ enum rte_crypto_sym_xform_type {
RTE_CRYPTO_SYM_XFORM_NOT_SPECIFIED = 0, /**< No xform specified */
RTE_CRYPTO_SYM_XFORM_AUTH, /**< Authentication xform */
RTE_CRYPTO_SYM_XFORM_CIPHER, /**< Cipher xform */
- RTE_CRYPTO_SYM_XFORM_AEAD /**< AEAD xform */
+ RTE_CRYPTO_SYM_XFORM_AEAD, /**< AEAD xform */
+
+ RTE_CRYPTO_SYM_XFORM_TYPE_MASK = 0xFFFF,
+ /**< xform type mask value */
+ RTE_CRYPTO_SYM_XFORM_FLAG_MASK = 0xFFFF0000,
+ /**< xform flag mask value */
+ RTE_CRYPTO_SYM_CPU_CRYPTO = 0x80000000,
+ /**< xform flag for cpu-crypto */
};
/**
@@ -1616,6 +1616,36 @@ rte_cryptodev_sym_session_get_user_data(
return (void *)(sess->sess_data + sess->nb_drivers);
}
+static inline void
+sym_crypto_fill_status(struct rte_crypto_sym_vec *vec, int32_t errnum)
+{
+ uint32_t i;
+ for (i = 0; i < vec->num; i++)
+ vec->status[i] = errnum;
+}
+
+uint32_t
+rte_cryptodev_sym_cpu_crypto_process(uint8_t dev_id,
+ struct rte_cryptodev_sym_session *sess, union rte_crypto_sym_ofs ofs,
+ struct rte_crypto_sym_vec *vec)
+{
+ struct rte_cryptodev *dev;
+
+ if (!rte_cryptodev_pmd_is_valid_dev(dev_id)) {
+ sym_crypto_fill_status(vec, EINVAL);
+ return 0;
+ }
+
+ dev = rte_cryptodev_pmd_get_dev(dev_id);
+
+ if (*dev->dev_ops->sym_cpu_process == NULL) {
+ sym_crypto_fill_status(vec, ENOTSUP);
+ return 0;
+ }
+
+ return dev->dev_ops->sym_cpu_process(dev, sess, ofs, vec);
+}
+
/** Initialise rte_crypto_op mempool element */
static void
rte_crypto_op_init(struct rte_mempool *mempool,
@@ -450,6 +450,8 @@ rte_cryptodev_asym_get_xform_enum(enum rte_crypto_asym_xform_type *xform_enum,
/**< Support encrypted-digest operations where digest is appended to data */
#define RTE_CRYPTODEV_FF_ASYM_SESSIONLESS (1ULL << 20)
/**< Support asymmetric session-less operations */
+#define RTE_CRYPTODEV_FF_SYM_CPU_CRYPTO (1ULL << 21)
+/**< Support symmeteric cpu-crypto processing */
/**
@@ -1274,6 +1276,24 @@ void *
rte_cryptodev_sym_session_get_user_data(
struct rte_cryptodev_sym_session *sess);
+/**
+ * Perform actual crypto processing (encrypt/digest or auth/decrypt)
+ * on user provided data.
+ *
+ * @param dev_id The device identifier.
+ * @param sess Cryptodev session structure
+ * @param ofs Start and stop offsets for auth and cipher operations
+ * @param vec Vectorized operation descriptor
+ *
+ * @return
+ * - Returns number of successfully processed packets.
+ */
+__rte_experimental
+uint32_t
+rte_cryptodev_sym_cpu_crypto_process(uint8_t dev_id,
+ struct rte_cryptodev_sym_session *sess, union rte_crypto_sym_ofs ofs,
+ struct rte_crypto_sym_vec *vec);
+
#ifdef __cplusplus
}
#endif
@@ -308,6 +308,23 @@ typedef void (*cryptodev_sym_free_session_t)(struct rte_cryptodev *dev,
*/
typedef void (*cryptodev_asym_free_session_t)(struct rte_cryptodev *dev,
struct rte_cryptodev_asym_session *sess);
+/**
+ * Perform actual crypto processing (encrypt/digest or auth/decrypt)
+ * on user provided data.
+ *
+ * @param dev Crypto device pointer
+ * @param sess Cryptodev session structure
+ * @param ofs Start and stop offsets for auth and cipher operations
+ * @param vec Vectorized operation descriptor
+ *
+ * @return
+ * - Returns number of successfully processed packets.
+ *
+ */
+typedef uint32_t (*cryptodev_sym_cpu_crypto_process_t)
+ (struct rte_cryptodev *dev, struct rte_cryptodev_sym_session *sess,
+ union rte_crypto_sym_ofs ofs, struct rte_crypto_sym_vec *vec);
+
/** Crypto device operations function pointer table */
struct rte_cryptodev_ops {
@@ -342,6 +359,8 @@ struct rte_cryptodev_ops {
/**< Clear a Crypto sessions private data. */
cryptodev_asym_free_session_t asym_session_clear;
/**< Clear a Crypto sessions private data. */
+ cryptodev_sym_cpu_crypto_process_t sym_cpu_process;
+ /**< process input data synchronously (cpu-crypto). */
};
@@ -71,6 +71,7 @@ EXPERIMENTAL {
rte_cryptodev_asym_session_init;
rte_cryptodev_asym_xform_capability_check_modlen;
rte_cryptodev_asym_xform_capability_check_optype;
+ rte_cryptodev_sym_cpu_crypto_process;
rte_cryptodev_sym_get_existing_header_session_size;
rte_cryptodev_sym_session_get_user_data;
rte_cryptodev_sym_session_pool_create;