| Message ID | 20210414202159.1075118-1-thomas@monjalon.net (mailing list archive) |
|---|---|
| State | Accepted, archived |
| Delegated to: | akhil goyal |
| Headers | show |
| Series | [v5] cryptodev: support multiple cipher data-units | expand |
| Context | Check | Description |
|---|---|---|
| ci/iol-testing | fail | Testing issues |
| ci/github-robot | success | github build: passed |
| ci/travis-robot | success | travis build: passed |
| ci/Intel-compilation | success | Compilation OK |
| ci/checkpatch | success | coding style OK |
> From: Matan Azrad <matan@nvidia.com> > > In cryptography, a block cipher is a deterministic algorithm operating > on fixed-length groups of bits, called blocks. > > A block cipher consists of two paired algorithms, one for encryption > and the other for decryption. Both algorithms accept two inputs: > an input block of size n bits and a key of size k bits; and both yield > an n-bit output block. The decryption algorithm is defined to be the > inverse function of the encryption. > > For AES standard the block size is 16 bytes. > For AES in XTS mode, the data to be encrypted\decrypted does not have to > be multiple of 16B size, the unit of data is called data-unit. > The data-unit size can be any size in range [16B, 2^24B], so, in this > case, a data stream is divided into N amount of equal data-units and > must be encrypted\decrypted in the same data-unit resolution. > > For ABI compatibility reason, the size is limited to 64K (16-bit field). > The new field dataunit_len is inserted in a struct padding hole, > which is only 2 bytes long in 32-bit build. > It could be moved and extended later during an ABI-breakage window. > > The current cryptodev API doesn't allow the user to select a specific > data-unit length supported by the devices. > In addition, there is no definition how the IV is detected per data-unit > when single operation includes more than one data-unit. > > That causes applications to use single operation per data-unit even though > all the data is continuous in memory what reduces datapath performance. > > Add a new feature flag to support multiple data-unit sizes, called > RTE_CRYPTODEV_FF_CIPHER_MULTIPLE_DATA_UNITS. > Add a new field in cipher capability, called dataunit_set, > where the devices can report the range of the supported data-unit sizes. > Add a new cipher transformation field, called dataunit_len, where the user > can select the data-unit length for all the operations. > > All the new fields do not change the size of their structures, > by filling some struct padding holes. > They are added as exceptions in the ABI check file libabigail.abignore. > > Using a bitmap to report the supported data-unit sizes capability allows > the devices to report a range simply as same as the user to read it > simply. also, thus sizes are usually common and probably will be shared > among different devices. > > Signed-off-by: Matan Azrad <matan@nvidia.com> > Signed-off-by: Thomas Monjalon <thomas@monjalon.net> > --- Acked-by: Akhil Goyal <gakhil@marvell.com>
> > From: Matan Azrad <matan@nvidia.com> > > > > In cryptography, a block cipher is a deterministic algorithm operating > > on fixed-length groups of bits, called blocks. > > > > A block cipher consists of two paired algorithms, one for encryption > > and the other for decryption. Both algorithms accept two inputs: > > an input block of size n bits and a key of size k bits; and both yield > > an n-bit output block. The decryption algorithm is defined to be the > > inverse function of the encryption. > > > > For AES standard the block size is 16 bytes. > > For AES in XTS mode, the data to be encrypted\decrypted does not have to > > be multiple of 16B size, the unit of data is called data-unit. > > The data-unit size can be any size in range [16B, 2^24B], so, in this > > case, a data stream is divided into N amount of equal data-units and > > must be encrypted\decrypted in the same data-unit resolution. > > > > For ABI compatibility reason, the size is limited to 64K (16-bit field). > > The new field dataunit_len is inserted in a struct padding hole, > > which is only 2 bytes long in 32-bit build. > > It could be moved and extended later during an ABI-breakage window. > > > > The current cryptodev API doesn't allow the user to select a specific > > data-unit length supported by the devices. > > In addition, there is no definition how the IV is detected per data-unit > > when single operation includes more than one data-unit. > > > > That causes applications to use single operation per data-unit even though > > all the data is continuous in memory what reduces datapath performance. > > > > Add a new feature flag to support multiple data-unit sizes, called > > RTE_CRYPTODEV_FF_CIPHER_MULTIPLE_DATA_UNITS. > > Add a new field in cipher capability, called dataunit_set, > > where the devices can report the range of the supported data-unit sizes. > > Add a new cipher transformation field, called dataunit_len, where the user > > can select the data-unit length for all the operations. > > > > All the new fields do not change the size of their structures, > > by filling some struct padding holes. > > They are added as exceptions in the ABI check file libabigail.abignore. > > > > Using a bitmap to report the supported data-unit sizes capability allows > > the devices to report a range simply as same as the user to read it > > simply. also, thus sizes are usually common and probably will be shared > > among different devices. > > > > Signed-off-by: Matan Azrad <matan@nvidia.com> > > Signed-off-by: Thomas Monjalon <thomas@monjalon.net> > > --- > Acked-by: Akhil Goyal <gakhil@marvell.com> Applied to dpdk-next-crypto This patch is causing ABI breakage at my end, but since CI is passing, I am applying this patch. I believe my libabigail version is older than what CI is using. @thomas : Please pull crypto tree to main and send the dependent patches again so that CI can run on them. Regards, Akhil
On Thu, Apr 15, 2021 at 9:01 PM Akhil Goyal <gakhil@marvell.com> wrote: > This patch is causing ABI breakage at my end, but since CI is passing, I am applying this patch. > I believe my libabigail version is older than what CI is using. I discussed this earlier with Thomas. This is likely the use of anonymous struct/union that was not understood by libabigail until recently. The public CI (Travis and GHA) uses libabigail 1.8.
diff --git a/devtools/libabigail.abignore b/devtools/libabigail.abignore index 6c0b38984e..bce940f2df 100644 --- a/devtools/libabigail.abignore +++ b/devtools/libabigail.abignore @@ -19,4 +19,14 @@ ; Ignore fields inserted in cacheline boundary of rte_cryptodev [suppress_type] name = rte_cryptodev - has_data_member_inserted_between = {offset_after(attached), end} \ No newline at end of file + has_data_member_inserted_between = {offset_after(attached), end} + +; Ignore fields inserted in union boundary of rte_cryptodev_symmetric_capability +[suppress_type] + name = rte_cryptodev_symmetric_capability + has_data_member_inserted_between = {offset_after(cipher.iv_size), end} + +; Ignore fields inserted in middle padding of rte_crypto_cipher_xform +[suppress_type] + name = rte_crypto_cipher_xform + has_data_member_inserted_between = {offset_after(key), offset_of(iv)} diff --git a/doc/guides/cryptodevs/features/default.ini b/doc/guides/cryptodevs/features/default.ini index 17b177fc45..978bb30cc1 100644 --- a/doc/guides/cryptodevs/features/default.ini +++ b/doc/guides/cryptodevs/features/default.ini @@ -31,6 +31,7 @@ CPU crypto = Symmetric sessionless = Non-Byte aligned data = Sym raw data path API = +Cipher multiple data units = ; ; Supported crypto algorithms of a default crypto driver. diff --git a/doc/guides/cryptodevs/overview.rst b/doc/guides/cryptodevs/overview.rst index e2a1e08ec1..e24e3e1993 100644 --- a/doc/guides/cryptodevs/overview.rst +++ b/doc/guides/cryptodevs/overview.rst @@ -46,6 +46,9 @@ Supported Feature Flags - "Digest encrypted" feature flag means PMD support hash-cipher cases, where generated digest is appended to and encrypted with the data. + - "CIPHER_MULTIPLE_DATA_UNITS" feature flag means PMD support operations + on multiple data-units message. + Supported Cipher Algorithms --------------------------- diff --git a/doc/guides/rel_notes/release_21_05.rst b/doc/guides/rel_notes/release_21_05.rst index 2e3bf5c95a..57b2744d1d 100644 --- a/doc/guides/rel_notes/release_21_05.rst +++ b/doc/guides/rel_notes/release_21_05.rst @@ -150,6 +150,12 @@ New Features * Added support for preferred busy polling. +* **Added support of multiple data-units in cryptodev API.** + + The cryptodev library has been enhanced to allow operations on multiple + data-units for AES-XTS algorithm, the data-unit length should be set in the + transformation. A capability for it was added too. + * **Updated Mellanox RegEx PMD.** * Added support for multi-segments mbuf. diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h index 9d572ec057..4e365b1eab 100644 --- a/lib/librte_cryptodev/rte_crypto_sym.h +++ b/lib/librte_cryptodev/rte_crypto_sym.h @@ -195,6 +195,9 @@ struct rte_crypto_cipher_xform { enum rte_crypto_cipher_algorithm algo; /**< Cipher algorithm */ + RTE_STD_C11 + union { /* temporary anonymous union for ABI compatibility */ + struct { const uint8_t *data; /**< pointer to key data */ uint16_t length; /**< key length in bytes */ @@ -222,6 +225,27 @@ struct rte_crypto_cipher_xform { * - Each key can be either 128 bits (16 bytes) or 256 bits (32 bytes). * - Both keys must have the same size. **/ + + RTE_STD_C11 + struct { /* temporary anonymous struct for ABI compatibility */ + const uint8_t *_key_data; /* reserved for key.data union */ + uint16_t _key_length; /* reserved for key.length union */ + /* next field can fill the padding hole */ + + uint16_t dataunit_len; + /**< When RTE_CRYPTODEV_FF_CIPHER_MULTIPLE_DATA_UNITS is enabled, + * this is the data-unit length of the algorithm, + * otherwise or when the value is 0, use the operation length. + * The value should be in the range defined by the dataunit_set field + * in the cipher capability. + * + * - For AES-XTS it is the size of data-unit, from IEEE Std 1619-2007. + * For-each data-unit in the operation, the tweak (IV) value is + * assigned consecutively starting from the operation assigned IV. + */ + + }; }; /* temporary struct nested in union for ABI compatibility */ + struct { uint16_t offset; /**< Starting point for Initialisation Vector or Counter, @@ -701,9 +725,10 @@ struct rte_crypto_sym_op { /**< The message length, in bytes, of the * source buffer on which the cryptographic * operation will be computed. + * This is also the same as the result length. * This must be a multiple of the block size - * if a block cipher is being used. This is - * also the same as the result length. + * or a multiple of data-unit length + * as described in xform. * * @note * For SNOW 3G @ RTE_CRYPTO_AUTH_SNOW3G_UEA2, diff --git a/lib/librte_cryptodev/rte_cryptodev.c b/lib/librte_cryptodev/rte_cryptodev.c index 40f55a3cd0..e02e001325 100644 --- a/lib/librte_cryptodev/rte_cryptodev.c +++ b/lib/librte_cryptodev/rte_cryptodev.c @@ -617,6 +617,8 @@ rte_cryptodev_get_feature_name(uint64_t flag) return "SYM_SESSIONLESS"; case RTE_CRYPTODEV_FF_NON_BYTE_ALIGNED_DATA: return "NON_BYTE_ALIGNED_DATA"; + case RTE_CRYPTODEV_FF_CIPHER_MULTIPLE_DATA_UNITS: + return "CIPHER_MULTIPLE_DATA_UNITS"; default: return NULL; } diff --git a/lib/librte_cryptodev/rte_cryptodev.h b/lib/librte_cryptodev/rte_cryptodev.h index ae34f33f69..7e80f4be26 100644 --- a/lib/librte_cryptodev/rte_cryptodev.h +++ b/lib/librte_cryptodev/rte_cryptodev.h @@ -95,6 +95,14 @@ struct rte_crypto_param_range { */ }; +/** + * Data-unit supported lengths of cipher algorithms. + * A bit can represent any set of data-unit sizes + * (single size, multiple size, range, etc). + */ +#define RTE_CRYPTO_CIPHER_DATA_UNIT_LEN_512_BYTES RTE_BIT32(0) +#define RTE_CRYPTO_CIPHER_DATA_UNIT_LEN_4096_BYTES RTE_BIT32(1) + /** * Symmetric Crypto Capability */ @@ -127,6 +135,12 @@ struct rte_cryptodev_symmetric_capability { /**< cipher key size range */ struct rte_crypto_param_range iv_size; /**< Initialisation vector data size range */ + uint32_t dataunit_set; + /**< + * Supported data-unit lengths: + * RTE_CRYPTO_CIPHER_DATA_UNIT_LEN_* bits + * or 0 for lengths defined in the algorithm standard. + */ } cipher; /**< Symmetric Cipher transform capabilities */ struct { @@ -461,6 +475,8 @@ rte_cryptodev_asym_get_xform_enum(enum rte_crypto_asym_xform_type *xform_enum, /**< Support operations on data which is not byte aligned */ #define RTE_CRYPTODEV_FF_SYM_RAW_DP (1ULL << 24) /**< Support accelerator specific symmetric raw data-path APIs */ +#define RTE_CRYPTODEV_FF_CIPHER_MULTIPLE_DATA_UNITS (1ULL << 25) +/**< Support operations on multiple data-units message */ /** * Get the name of a crypto device feature flag