Matan Azrad d014dddb2d cryptodev: support multiple cipher data-units
In cryptography, a block cipher is a deterministic algorithm operating
on fixed-length groups of bits, called blocks.

A block cipher consists of two paired algorithms, one for encryption
and the other for decryption. Both algorithms accept two inputs:
an input block of size n bits and a key of size k bits; and both yield
an n-bit output block. The decryption algorithm is defined to be the
inverse function of the encryption.

For the AES standard, the block size is 16 bytes.
For AES in XTS mode, the data to be encrypted/decrypted does not have to
be a multiple of 16B in size; the unit of data is called a data-unit.
The data-unit size can be any size in the range [16B, 2^24B], so, in this
case, a data stream is divided into N equal data-units and
must be encrypted/decrypted in the same data-unit resolution.

For ABI compatibility reasons, the size is limited to 64K (16-bit field).
The new field dataunit_len is inserted in a struct padding hole,
which is only 2 bytes long in a 32-bit build.
It could be moved and extended later during an ABI-breakage window.

The current cryptodev API doesn't allow the user to select a specific
data-unit length supported by the devices.
In addition, there is no definition of how the IV is detected per data-unit
when a single operation includes more than one data-unit.

That causes applications to use a single operation per data-unit even though
all the data is continuous in memory, which reduces datapath performance.

Add a new feature flag to support multiple data-unit sizes, called
RTE_CRYPTODEV_FF_CIPHER_MULTIPLE_DATA_UNITS.
Add a new field in cipher capability, called dataunit_set,
where the devices can report the range of the supported data-unit sizes.
Add a new cipher transformation field, called dataunit_len, where the user
can select the data-unit length for all the operations.

All the new fields do not change the size of their structures,
by filling some struct padding holes.
They are added as exceptions in the ABI check file libabigail.abignore.

Using a bitmap to report the supported data-unit sizes capability allows
the devices to report a range simply, and the user to read it just as
simply. Also, those sizes are usually common and probably will be shared
among different devices.

Signed-off-by: Matan Azrad <matan@nvidia.com>
Signed-off-by: Thomas Monjalon <thomas@monjalon.net>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2021-04-16 12:43:33 +02:00
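
An added example, not code from this commit or from DPDK: a stand-alone C model of the checks an application would make before storing a value in the 16-bit dataunit_len field described in the commit message above. The struct, enum and function names and the bit positions are assumptions for illustration; the real values come from the cryptodev headers.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Local stand-ins (assumptions): bit positions are illustrative only. */
#define FF_MULTI_DU        (1ull << 0) /* models ..._FF_CIPHER_MULTIPLE_DATA_UNITS */
#define DU_CAP_512_BYTES   (1u << 0)   /* dataunit_set bit for 512 B units */
#define DU_CAP_4096_BYTES  (1u << 1)   /* dataunit_set bit for 4096 B units */
#define DU_MIN 16u                     /* one AES block */
#define DU_MAX UINT16_MAX              /* dataunit_len is a 16-bit field */

struct dev_caps { uint64_t feature_flags; uint32_t dataunit_set; };
enum du_status { DU_OK, DU_ERR_NO_FEATURE, DU_ERR_RANGE, DU_ERR_UNSUPPORTED, DU_ERR_PARTIAL };

/* Map a length to its capability bit; 0 means the bitmap cannot express it. */
static uint32_t du_cap_bit(uint32_t len)
{
    switch (len) {
    case 512:  return DU_CAP_512_BYTES;
    case 4096: return DU_CAP_4096_BYTES;
    default:   return 0;
    }
}

/* Validate a requested data-unit length before it is stored in the 16-bit
 * field; the outputs are written only on success. */
enum du_status du_plan(const struct dev_caps *dev, uint32_t want, size_t data_len,
                       uint16_t *dataunit_len, size_t *n_units)
{
    if (!(dev->feature_flags & FF_MULTI_DU))
        return DU_ERR_NO_FEATURE;
    if (want < DU_MIN || want > DU_MAX)        /* 65536 would truncate to 0 */
        return DU_ERR_RANGE;
    if (!(dev->dataunit_set & du_cap_bit(want)))
        return DU_ERR_UNSUPPORTED;
    if (data_len == 0 || data_len % want != 0) /* units must be equal-sized */
        return DU_ERR_PARTIAL;
    *dataunit_len = (uint16_t)want;
    *n_units = data_len / want;
    return DU_OK;
}

int main(void)
{
    struct dev_caps dev = { FF_MULTI_DU, DU_CAP_512_BYTES }; /* constructed */
    uint16_t len; size_t n;
    if (du_plan(&dev, 512, 4096, &len, &n) == DU_OK)
        printf("dataunit_len=%u units=%zu\n", (unsigned)len, n);
    return 0;
}
```

The range check runs before the cast so that a length of 65536, valid for XTS but too wide for the field, is rejected instead of being stored as 0.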


..  SPDX-License-Identifier: BSD-3-Clause
    Copyright(c) 2016-2017 Intel Corporation.

Crypto Device Supported Functionality Matrices
==============================================

Supported Feature Flags
-----------------------

.. _table_crypto_pmd_features:

.. include:: overview_feature_table.txt

.. Note::

   - "In Place SGL" feature flag stands for "In place Scatter-gather list",
     which means that an input buffer can consist of multiple segments,
     with the operation being in-place (input address = output address).

   - "OOP SGL In SGL Out" feature flag stands for
     "Out-of-place Scatter-gather list Input, Scatter-gather list Output",
     which means PMD supports different scatter-gather styled input and output buffers
     (i.e. both can consist of multiple segments).

   - "OOP SGL In LB Out" feature flag stands for
     "Out-of-place Scatter-gather list Input, Linear Buffers Output",
     which means PMD supports input from scatter-gathered styled buffers,
     outputting linear buffers (i.e. single segment).

   - "OOP LB In SGL Out" feature flag stands for
     "Out-of-place Linear Buffers Input, Scatter-gather list Output",
     which means PMD supports input from linear buffer, outputting
     scatter-gathered styled buffers.

   - "OOP LB In LB Out" feature flag stands for
     "Out-of-place Linear Buffers Input, Linear Buffers Output",
     which means that Out-of-place operation is supported,
     with linear input and output buffers.

   - "RSA PRIV OP KEY EXP" feature flag means PMD supports RSA private key
     operation (Sign and Decrypt) using exponent key type only.

   - "RSA PRIV OP KEY QT" feature flag means PMD supports RSA private key
     operation (Sign and Decrypt) using quintuple (crt) type key only.

   - "Digest encrypted" feature flag means PMD supports hash-cipher cases,
     where generated digest is appended to and encrypted with the data.

   - "CIPHER_MULTIPLE_DATA_UNITS" feature flag means PMD supports operations
     on a message of multiple data-units.

Supported Cipher Algorithms
---------------------------

.. _table_crypto_pmd_cipher_algos:

.. include:: overview_cipher_table.txt

Supported Authentication Algorithms
-----------------------------------

.. _table_crypto_pmd_auth_algos:

.. include:: overview_auth_table.txt

Supported AEAD Algorithms
-------------------------

.. _table_crypto_pmd_aead_algos:

.. include:: overview_aead_table.txt

Supported Asymmetric Algorithms
-------------------------------

.. _table_crypto_pmd_asym_algos:

.. include:: overview_asym_table.txt