diff mbox series

[v4] cryptodev: support multiple cipher data-units

Message ID 20210413204250.3989341-1-thomas@monjalon.net (mailing list archive)
State Superseded, archived
Delegated to: akhil goyal
Headers show
Series [v4] cryptodev: support multiple cipher data-units | expand

Checks

Context Check Description
ci/iol-testing success Testing PASS
ci/intel-Testing success Testing PASS
ci/Intel-compilation success Compilation OK
ci/github-robot success github build: passed
ci/travis-robot success travis build: passed
ci/checkpatch success coding style OK

Commit Message

Thomas Monjalon April 13, 2021, 8:42 p.m. UTC 
From: Matan Azrad <matan@nvidia.com>

In cryptography, a block cipher is a deterministic algorithm operating
on fixed-length groups of bits, called blocks.

A block cipher consists of two paired algorithms, one for encryption
and the other for decryption. Both algorithms accept two inputs:
an input block of size n bits and a key of size k bits; and both yield
an n-bit output block. The decryption algorithm is defined to be the
inverse function of the encryption.

For AES standard the block size is 16 bytes.
For AES in XTS mode, the data to be encrypted\decrypted does not have to
be multiple of 16B size, the unit of data is called data-unit.
The data-unit size can be any size in range [16B, 2^24B], so, in this
case, a data stream is divided into N amount of equal data-units and
must be encrypted\decrypted in the same data-unit resolution.

For ABI compatibility reason, the size is limited to 64K (16-bit field).
The new field dataunit_len is inserted in a struct padding hole,
which is only 2 bytes long in 32-bit build.
It could be moved and extended later during an ABI-breakage window.

The current cryptodev API doesn't allow the user to select a specific
data-unit length supported by the devices.
In addition, there is no definition how the IV is detected per data-unit
when single operation includes more than one data-unit.

That causes applications to use single operation per data-unit even though
all the data is continuous in memory what reduces datapath performance.

Add a new feature flag to support multiple data-unit sizes, called
RTE_CRYPTODEV_FF_CIPHER_MULTIPLE_DATA_UNITS.
Add a new field in cipher capability, called dataunit_set,
where the devices can report the range of the supported data-unit sizes.
Add a new cipher transformation field, called dataunit_len, where the user
can select the data-unit length for all the operations.

All the new fields do not change the size of their structures,
by filling some struct padding holes.
They are added as exceptions in the ABI check file libabigail.abignore.

Using a bitmap to report the supported data-unit sizes capability allows
the devices to report a range simply as same as the user to read it
simply. also, thus sizes are usually common and probably will be shared
among different devices.

Signed-off-by: Matan Azrad <matan@nvidia.com>
Signed-off-by: Thomas Monjalon <thomas@monjalon.net>
---
v1:
- Use data-unit term instead of block.
- Update cipher length description in OP.
- Improve descriptions on xform and capability.
- Improve commit log.

v2:
- Fix typo: MULITPLE->MULTIPLE.
- Remain only planned supported sizes for data-unit capability.

v3:
- Improve some comments.
- Fix ABI breakage.

v4:
- Remove RTE_CRYPTO_CIPHER_DATA_UNIT_LEN_1M_BYTES
- Fix dataunit_len placement in padding hole
---
 devtools/libabigail.abignore               | 12 ++++++++-
 doc/guides/cryptodevs/features/default.ini |  1 +
 doc/guides/cryptodevs/overview.rst         |  3 +++
 doc/guides/rel_notes/release_21_05.rst     |  6 +++++
 lib/librte_cryptodev/rte_crypto_sym.h      | 29 ++++++++++++++++++++--
 lib/librte_cryptodev/rte_cryptodev.c       |  2 ++
 lib/librte_cryptodev/rte_cryptodev.h       | 15 +++++++++++
 7 files changed, 65 insertions(+), 3 deletions(-)

Comments

Akhil Goyal April 14, 2021, 6:37 p.m. UTC | #1 
Hi Thomas,

> +	RTE_STD_C11
> +	union { /* temporary anonymous union for ABI compatibility */
> +
>  	struct {
>  		const uint8_t *data;	/**< pointer to key data */
>  		uint16_t length;	/**< key length in bytes */
> @@ -222,6 +225,27 @@ struct rte_crypto_cipher_xform {
>  	 *  - Each key can be either 128 bits (16 bytes) or 256 bits (32 bytes).
>  	 *  - Both keys must have the same size.
>  	 **/
> +
> +	RTE_STD_C11
> +	struct { /* temporary anonymous struct for ABI compatibility */
> +		const uint8_t *_key_data; /* reserved for key.data union */
> +		uint16_t _key_length;     /* reserved for key.length union */
> +		/* next field can fill the padding hole */
> +
> +	uint16_t dataunit_len;
> +	/**< When RTE_CRYPTODEV_FF_CIPHER_MULTIPLE_DATA_UNITS is
> enabled,
> +	 * this is the data-unit length of the algorithm,
> +	 * otherwise or when the value is 0, use the operation length.
> +	 * The value should be in the range defined by the dataunit_set field
> +	 * in the cipher capability.
> +	 *
> +	 * - For AES-XTS it is the size of data-unit, from IEEE Std 1619-2007.
> +	 * For-each data-unit in the operation, the tweak (IV) value is
> +	 * assigned consecutively starting from the operation assigned IV.
> +	 */
> +
> +	}; }; /* temporary struct nested in union for ABI compatibility */
> +
Can we add a deprecation notice also in this patch to remove these temporary
Struct and union, so that we remember to remove them in 21.11

> +/**
> + * Data-unit supported lengths of cipher algorithms.
> + * A bit can represent any set of data-unit sizes
> + * (single size, multiple size, range, etc).
> + */
> +#define RTE_CRYPTO_CIPHER_DATA_UNIT_LEN_512_BYTES	(1 << 0)
> +#define RTE_CRYPTO_CIPHER_DATA_UNIT_LEN_4096_BYTES	(1 << 1)
> +
>  /**
>   * Symmetric Crypto Capability
>   */
> @@ -127,6 +135,11 @@ struct rte_cryptodev_symmetric_capability {
>  			/**< cipher key size range */
>  			struct rte_crypto_param_range iv_size;
>  			/**< Initialisation vector data size range */
> +			uint32_t dataunit_set;
> +			/**<
> +			 * A bitmap for a set of the supported data-unit
> lengths.

Add reference to the newly created macros here

> +			 * 0 for any length defined in the algorithm standard.
> +			 */
Thomas Monjalon April 14, 2021, 7:38 p.m. UTC | #2 
14/04/2021 20:37, Akhil Goyal:
> Hi Thomas,
> 
> > +	RTE_STD_C11
> > +	union { /* temporary anonymous union for ABI compatibility */
> > +
> >  	struct {
> >  		const uint8_t *data;	/**< pointer to key data */
> >  		uint16_t length;	/**< key length in bytes */
> > @@ -222,6 +225,27 @@ struct rte_crypto_cipher_xform {
> >  	 *  - Each key can be either 128 bits (16 bytes) or 256 bits (32 bytes).
> >  	 *  - Both keys must have the same size.
> >  	 **/
> > +
> > +	RTE_STD_C11
> > +	struct { /* temporary anonymous struct for ABI compatibility */
> > +		const uint8_t *_key_data; /* reserved for key.data union */
> > +		uint16_t _key_length;     /* reserved for key.length union */
> > +		/* next field can fill the padding hole */
> > +
> > +	uint16_t dataunit_len;
> > +	/**< When RTE_CRYPTODEV_FF_CIPHER_MULTIPLE_DATA_UNITS is
> > enabled,
> > +	 * this is the data-unit length of the algorithm,
> > +	 * otherwise or when the value is 0, use the operation length.
> > +	 * The value should be in the range defined by the dataunit_set field
> > +	 * in the cipher capability.
> > +	 *
> > +	 * - For AES-XTS it is the size of data-unit, from IEEE Std 1619-2007.
> > +	 * For-each data-unit in the operation, the tweak (IV) value is
> > +	 * assigned consecutively starting from the operation assigned IV.
> > +	 */
> > +
> > +	}; }; /* temporary struct nested in union for ABI compatibility */
> > +
> Can we add a deprecation notice also in this patch to remove these temporary
> Struct and union, so that we remember to remove them in 21.11

I thought about it, but a deprecation notice may involve
new design considerations and requires 3 approvals.
I think it is better to send it separately.

> > @@ -127,6 +135,11 @@ struct rte_cryptodev_symmetric_capability {
> >  			/**< cipher key size range */
> >  			struct rte_crypto_param_range iv_size;
> >  			/**< Initialisation vector data size range */
> > +			uint32_t dataunit_set;
> > +			/**<
> > +			 * A bitmap for a set of the supported data-unit
> > lengths.
> 
> Add reference to the newly created macros here
> 
> > +			 * 0 for any length defined in the algorithm standard.
> > +			 */

Yes, I've seen this miss after sending.
I'll reword like this:
  * Supported data-unit lengths:
  * RTE_CRYPTO_CIPHER_DATA_UNIT_LEN_* bits
  * or 0 for lengths defined in the algorithm standard.
Akhil Goyal April 14, 2021, 7:43 p.m. UTC | #3 
> 
> 14/04/2021 20:37, Akhil Goyal:
> > Hi Thomas,
> >
> > > +	RTE_STD_C11
> > > +	union { /* temporary anonymous union for ABI compatibility */
> > > +
> > >  	struct {
> > >  		const uint8_t *data;	/**< pointer to key data */
> > >  		uint16_t length;	/**< key length in bytes */
> > > @@ -222,6 +225,27 @@ struct rte_crypto_cipher_xform {
> > >  	 *  - Each key can be either 128 bits (16 bytes) or 256 bits (32 bytes).
> > >  	 *  - Both keys must have the same size.
> > >  	 **/
> > > +
> > > +	RTE_STD_C11
> > > +	struct { /* temporary anonymous struct for ABI compatibility */
> > > +		const uint8_t *_key_data; /* reserved for key.data union */
> > > +		uint16_t _key_length;     /* reserved for key.length union */
> > > +		/* next field can fill the padding hole */
> > > +
> > > +	uint16_t dataunit_len;
> > > +	/**< When RTE_CRYPTODEV_FF_CIPHER_MULTIPLE_DATA_UNITS is
> > > enabled,
> > > +	 * this is the data-unit length of the algorithm,
> > > +	 * otherwise or when the value is 0, use the operation length.
> > > +	 * The value should be in the range defined by the dataunit_set field
> > > +	 * in the cipher capability.
> > > +	 *
> > > +	 * - For AES-XTS it is the size of data-unit, from IEEE Std 1619-2007.
> > > +	 * For-each data-unit in the operation, the tweak (IV) value is
> > > +	 * assigned consecutively starting from the operation assigned IV.
> > > +	 */
> > > +
> > > +	}; }; /* temporary struct nested in union for ABI compatibility */
> > > +
> > Can we add a deprecation notice also in this patch to remove these
> temporary
> > Struct and union, so that we remember to remove them in 21.11
> 
> I thought about it, but a deprecation notice may involve
> new design considerations and requires 3 approvals.
> I think it is better to send it separately.
In that case you can send it as a separate patch now only.
Just wanted to make sure that it is not forgotten.

> 
> > > @@ -127,6 +135,11 @@ struct rte_cryptodev_symmetric_capability {
> > >  			/**< cipher key size range */
> > >  			struct rte_crypto_param_range iv_size;
> > >  			/**< Initialisation vector data size range */
> > > +			uint32_t dataunit_set;
> > > +			/**<
> > > +			 * A bitmap for a set of the supported data-unit
> > > lengths.
> >
> > Add reference to the newly created macros here
> >
> > > +			 * 0 for any length defined in the algorithm standard.
> > > +			 */
> 
> Yes, I've seen this miss after sending.
> I'll reword like this:
>   * Supported data-unit lengths:
>   * RTE_CRYPTO_CIPHER_DATA_UNIT_LEN_* bits
>   * or 0 for lengths defined in the algorithm standard.

OK
Thomas Monjalon April 14, 2021, 8:17 p.m. UTC | #4 
14/04/2021 21:43, Akhil Goyal:
> > 14/04/2021 20:37, Akhil Goyal:
> > > Hi Thomas,
> > >
> > > > +	RTE_STD_C11
> > > > +	union { /* temporary anonymous union for ABI compatibility */
> > > > +
> > > >  	struct {
> > > >  		const uint8_t *data;	/**< pointer to key data */
> > > >  		uint16_t length;	/**< key length in bytes */
> > > > @@ -222,6 +225,27 @@ struct rte_crypto_cipher_xform {
> > > >  	 *  - Each key can be either 128 bits (16 bytes) or 256 bits (32 bytes).
> > > >  	 *  - Both keys must have the same size.
> > > >  	 **/
> > > > +
> > > > +	RTE_STD_C11
> > > > +	struct { /* temporary anonymous struct for ABI compatibility */
> > > > +		const uint8_t *_key_data; /* reserved for key.data union */
> > > > +		uint16_t _key_length;     /* reserved for key.length union */
> > > > +		/* next field can fill the padding hole */
> > > > +
> > > > +	uint16_t dataunit_len;
> > > > +	/**< When RTE_CRYPTODEV_FF_CIPHER_MULTIPLE_DATA_UNITS is
> > > > enabled,
> > > > +	 * this is the data-unit length of the algorithm,
> > > > +	 * otherwise or when the value is 0, use the operation length.
> > > > +	 * The value should be in the range defined by the dataunit_set field
> > > > +	 * in the cipher capability.
> > > > +	 *
> > > > +	 * - For AES-XTS it is the size of data-unit, from IEEE Std 1619-2007.
> > > > +	 * For-each data-unit in the operation, the tweak (IV) value is
> > > > +	 * assigned consecutively starting from the operation assigned IV.
> > > > +	 */
> > > > +
> > > > +	}; }; /* temporary struct nested in union for ABI compatibility */
> > > > +
> > > Can we add a deprecation notice also in this patch to remove these
> > temporary
> > > Struct and union, so that we remember to remove them in 21.11
> > 
> > I thought about it, but a deprecation notice may involve
> > new design considerations and requires 3 approvals.
> > I think it is better to send it separately.
> 
> In that case you can send it as a separate patch now only.
> Just wanted to make sure that it is not forgotten.

Yes, sent:
https://patches.dpdk.org/project/dpdk/patch/20210414201544.1063413-1-thomas@monjalon.net/
diff mbox series

Patch

diff --git a/devtools/libabigail.abignore b/devtools/libabigail.abignore
index 6c0b38984e..bce940f2df 100644
--- a/devtools/libabigail.abignore
+++ b/devtools/libabigail.abignore
@@ -19,4 +19,14 @@ 
 ; Ignore fields inserted in cacheline boundary of rte_cryptodev
 [suppress_type]
         name = rte_cryptodev
-        has_data_member_inserted_between = {offset_after(attached), end}
\ No newline at end of file
+        has_data_member_inserted_between = {offset_after(attached), end}
+
+; Ignore fields inserted in union boundary of rte_cryptodev_symmetric_capability
+[suppress_type]
+        name = rte_cryptodev_symmetric_capability
+        has_data_member_inserted_between = {offset_after(cipher.iv_size), end}
+
+; Ignore fields inserted in middle padding of rte_crypto_cipher_xform
+[suppress_type]
+        name = rte_crypto_cipher_xform
+        has_data_member_inserted_between = {offset_after(key), offset_of(iv)}
diff --git a/doc/guides/cryptodevs/features/default.ini b/doc/guides/cryptodevs/features/default.ini
index 17b177fc45..978bb30cc1 100644
--- a/doc/guides/cryptodevs/features/default.ini
+++ b/doc/guides/cryptodevs/features/default.ini
@@ -31,6 +31,7 @@  CPU crypto             =
 Symmetric sessionless  =
 Non-Byte aligned data  =
 Sym raw data path API  =
+Cipher multiple data units =
 
 ;
 ; Supported crypto algorithms of a default crypto driver.
diff --git a/doc/guides/cryptodevs/overview.rst b/doc/guides/cryptodevs/overview.rst
index e2a1e08ec1..e24e3e1993 100644
--- a/doc/guides/cryptodevs/overview.rst
+++ b/doc/guides/cryptodevs/overview.rst
@@ -46,6 +46,9 @@  Supported Feature Flags
    - "Digest encrypted" feature flag means PMD support hash-cipher cases,
      where generated digest is appended to and encrypted with the data.
 
+   - "CIPHER_MULTIPLE_DATA_UNITS" feature flag means PMD support operations
+      on multiple data-units message.
+
 
 Supported Cipher Algorithms
 ---------------------------
diff --git a/doc/guides/rel_notes/release_21_05.rst b/doc/guides/rel_notes/release_21_05.rst
index 9a666b629d..2dc776c35e 100644
--- a/doc/guides/rel_notes/release_21_05.rst
+++ b/doc/guides/rel_notes/release_21_05.rst
@@ -145,6 +145,12 @@  New Features
 
   * Added support for preferred busy polling.
 
+* **Added support of multiple data-units in cryptodev API.**
+
+  The cryptodev library has been enhanced to allow operations on multiple
+  data-units for AES-XTS algorithm, the data-unit length should be set in the
+  transformation. A capability for it was added too.
+
 * **Updated Mellanox RegEx PMD.**
 
   * Added support for multi-segments mbuf.
diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
index 9d572ec057..4e365b1eab 100644
--- a/lib/librte_cryptodev/rte_crypto_sym.h
+++ b/lib/librte_cryptodev/rte_crypto_sym.h
@@ -195,6 +195,9 @@  struct rte_crypto_cipher_xform {
 	enum rte_crypto_cipher_algorithm algo;
 	/**< Cipher algorithm */
 
+	RTE_STD_C11
+	union { /* temporary anonymous union for ABI compatibility */
+
 	struct {
 		const uint8_t *data;	/**< pointer to key data */
 		uint16_t length;	/**< key length in bytes */
@@ -222,6 +225,27 @@  struct rte_crypto_cipher_xform {
 	 *  - Each key can be either 128 bits (16 bytes) or 256 bits (32 bytes).
 	 *  - Both keys must have the same size.
 	 **/
+
+	RTE_STD_C11
+	struct { /* temporary anonymous struct for ABI compatibility */
+		const uint8_t *_key_data; /* reserved for key.data union */
+		uint16_t _key_length;     /* reserved for key.length union */
+		/* next field can fill the padding hole */
+
+	uint16_t dataunit_len;
+	/**< When RTE_CRYPTODEV_FF_CIPHER_MULTIPLE_DATA_UNITS is enabled,
+	 * this is the data-unit length of the algorithm,
+	 * otherwise or when the value is 0, use the operation length.
+	 * The value should be in the range defined by the dataunit_set field
+	 * in the cipher capability.
+	 *
+	 * - For AES-XTS it is the size of data-unit, from IEEE Std 1619-2007.
+	 * For-each data-unit in the operation, the tweak (IV) value is
+	 * assigned consecutively starting from the operation assigned IV.
+	 */
+
+	}; }; /* temporary struct nested in union for ABI compatibility */
+
 	struct {
 		uint16_t offset;
 		/**< Starting point for Initialisation Vector or Counter,
@@ -701,9 +725,10 @@  struct rte_crypto_sym_op {
 					 /**< The message length, in bytes, of the
 					  * source buffer on which the cryptographic
 					  * operation will be computed.
+					  * This is also the same as the result length.
 					  * This must be a multiple of the block size
-					  * if a block cipher is being used. This is
-					  * also the same as the result length.
+					  * or a multiple of data-unit length
+					  * as described in xform.
 					  *
 					  * @note
 					  * For SNOW 3G @ RTE_CRYPTO_AUTH_SNOW3G_UEA2,
diff --git a/lib/librte_cryptodev/rte_cryptodev.c b/lib/librte_cryptodev/rte_cryptodev.c
index 40f55a3cd0..e02e001325 100644
--- a/lib/librte_cryptodev/rte_cryptodev.c
+++ b/lib/librte_cryptodev/rte_cryptodev.c
@@ -617,6 +617,8 @@  rte_cryptodev_get_feature_name(uint64_t flag)
 		return "SYM_SESSIONLESS";
 	case RTE_CRYPTODEV_FF_NON_BYTE_ALIGNED_DATA:
 		return "NON_BYTE_ALIGNED_DATA";
+	case RTE_CRYPTODEV_FF_CIPHER_MULTIPLE_DATA_UNITS:
+		return "CIPHER_MULTIPLE_DATA_UNITS";
 	default:
 		return NULL;
 	}
diff --git a/lib/librte_cryptodev/rte_cryptodev.h b/lib/librte_cryptodev/rte_cryptodev.h
index ae34f33f69..2508abd6e1 100644
--- a/lib/librte_cryptodev/rte_cryptodev.h
+++ b/lib/librte_cryptodev/rte_cryptodev.h
@@ -95,6 +95,14 @@  struct rte_crypto_param_range {
 	 */
 };
 
+/**
+ * Data-unit supported lengths of cipher algorithms.
+ * A bit can represent any set of data-unit sizes
+ * (single size, multiple size, range, etc).
+ */
+#define RTE_CRYPTO_CIPHER_DATA_UNIT_LEN_512_BYTES	(1 << 0)
+#define RTE_CRYPTO_CIPHER_DATA_UNIT_LEN_4096_BYTES	(1 << 1)
+
 /**
  * Symmetric Crypto Capability
  */
@@ -127,6 +135,11 @@  struct rte_cryptodev_symmetric_capability {
 			/**< cipher key size range */
 			struct rte_crypto_param_range iv_size;
 			/**< Initialisation vector data size range */
+			uint32_t dataunit_set;
+			/**<
+			 * A bitmap for a set of the supported data-unit lengths.
+			 * 0 for any length defined in the algorithm standard.
+			 */
 		} cipher;
 		/**< Symmetric Cipher transform capabilities */
 		struct {
@@ -461,6 +474,8 @@  rte_cryptodev_asym_get_xform_enum(enum rte_crypto_asym_xform_type *xform_enum,
 /**< Support operations on data which is not byte aligned */
 #define RTE_CRYPTODEV_FF_SYM_RAW_DP			(1ULL << 24)
 /**< Support accelerator specific symmetric raw data-path APIs */
+#define RTE_CRYPTODEV_FF_CIPHER_MULTIPLE_DATA_UNITS	(1ULL << 25)
+/**< Support operations on multiple data-units message */
 
 /**
  * Get the name of a crypto device feature flag