cryptodev: move IV parameters to session

Since IV parameters (offset and length) should not
change for operations in the same session, these parameters
are moved to the crypto transform structure, so they will
be stored in the sessions.

Signed-off-by: Pablo de Lara <[email protected]>
Acked-by: Declan Doherty <[email protected]>
Acked-by: Akhil Goyal <[email protected]>
Acked-by: Fiona Trahe <[email protected]>

app/test-crypto-perf/cperf_ops.c

@@ -106,9 +106,6 @@ cperf_set_ops_cipher(struct rte_crypto_op **ops,
 		sym_op->m_dst = bufs_out[i];
 
 		/* cipher parameters */
-		sym_op->cipher.iv.offset = iv_offset;
-		sym_op->cipher.iv.length = test_vector->iv.length;
-
 		if (options->cipher_algo == RTE_CRYPTO_CIPHER_SNOW3G_UEA2 ||
 				options->cipher_algo == RTE_CRYPTO_CIPHER_KASUMI_F8 ||
 				options->cipher_algo == RTE_CRYPTO_CIPHER_ZUC_EEA3)
@@ -215,9 +212,6 @@ cperf_set_ops_cipher_auth(struct rte_crypto_op **ops,
 		sym_op->m_dst = bufs_out[i];
 
 		/* cipher parameters */
-		sym_op->cipher.iv.offset = iv_offset;
-		sym_op->cipher.iv.length = test_vector->iv.length;
-
 		if (options->cipher_algo == RTE_CRYPTO_CIPHER_SNOW3G_UEA2 ||
 				options->cipher_algo == RTE_CRYPTO_CIPHER_KASUMI_F8 ||
 				options->cipher_algo == RTE_CRYPTO_CIPHER_ZUC_EEA3)
@@ -302,9 +296,6 @@ cperf_set_ops_aead(struct rte_crypto_op **ops,
 		sym_op->m_dst = bufs_out[i];
 
 		/* cipher parameters */
-		sym_op->cipher.iv.offset = iv_offset;
-		sym_op->cipher.iv.length = test_vector->iv.length;
-
 		sym_op->cipher.data.length = options->test_buffer_size;
 		sym_op->cipher.data.offset =
 				RTE_ALIGN_CEIL(options->auth_aad_sz, 16);
@@ -365,7 +356,8 @@ cperf_set_ops_aead(struct rte_crypto_op **ops,
 static struct rte_cryptodev_sym_session *
 cperf_create_session(uint8_t dev_id,
 	const struct cperf_options *options,
-	const struct cperf_test_vector *test_vector)
+	const struct cperf_test_vector *test_vector,
+	uint16_t iv_offset)
 {
 	struct rte_crypto_sym_xform cipher_xform;
 	struct rte_crypto_sym_xform auth_xform;
@@ -379,16 +371,20 @@ cperf_create_session(uint8_t dev_id,
 		cipher_xform.next = NULL;
 		cipher_xform.cipher.algo = options->cipher_algo;
 		cipher_xform.cipher.op = options->cipher_op;
+		cipher_xform.cipher.iv.offset = iv_offset;
 
 		/* cipher different than null */
 		if (options->cipher_algo != RTE_CRYPTO_CIPHER_NULL) {
 			cipher_xform.cipher.key.data =
 					test_vector->cipher_key.data;
 			cipher_xform.cipher.key.length =
 					test_vector->cipher_key.length;
+			cipher_xform.cipher.iv.length = test_vector->iv.length;
+
 		} else {
 			cipher_xform.cipher.key.data = NULL;
 			cipher_xform.cipher.key.length = 0;
+			cipher_xform.cipher.iv.length = 0;
 		}
 		/* create crypto session */
 		sess = rte_cryptodev_sym_session_create(dev_id,	&cipher_xform);
@@ -432,16 +428,19 @@ cperf_create_session(uint8_t dev_id,
 		cipher_xform.next = NULL;
 		cipher_xform.cipher.algo = options->cipher_algo;
 		cipher_xform.cipher.op = options->cipher_op;
+		cipher_xform.cipher.iv.offset = iv_offset;
 
 		/* cipher different than null */
 		if (options->cipher_algo != RTE_CRYPTO_CIPHER_NULL) {
 			cipher_xform.cipher.key.data =
 					test_vector->cipher_key.data;
 			cipher_xform.cipher.key.length =
 					test_vector->cipher_key.length;
+			cipher_xform.cipher.iv.length = test_vector->iv.length;
 		} else {
 			cipher_xform.cipher.key.data = NULL;
 			cipher_xform.cipher.key.length = 0;
+			cipher_xform.cipher.iv.length = 0;
 		}
 
 		/*

app/test-crypto-perf/cperf_ops.h

@@ -42,7 +42,8 @@
 
 typedef struct rte_cryptodev_sym_session *(*cperf_sessions_create_t)(
 		uint8_t dev_id, const struct cperf_options *options,
-		const struct cperf_test_vector *test_vector);
+		const struct cperf_test_vector *test_vector,
+		uint16_t iv_offset);
 
 typedef int (*cperf_populate_ops_t)(struct rte_crypto_op **ops,
 		struct rte_mbuf **bufs_in, struct rte_mbuf **bufs_out,

app/test-crypto-perf/cperf_test_latency.c

@@ -211,7 +211,12 @@ cperf_latency_test_constructor(uint8_t dev_id, uint16_t qp_id,
 	ctx->options = options;
 	ctx->test_vector = test_vector;
 
-	ctx->sess = op_fns->sess_create(dev_id, options, test_vector);
+	/* IV goes at the end of the crypto operation */
+	uint16_t iv_offset = sizeof(struct rte_crypto_op) +
+		sizeof(struct rte_crypto_sym_op) +
+		sizeof(struct cperf_op_result *);
+
+	ctx->sess = op_fns->sess_create(dev_id, options, test_vector, iv_offset);
 	if (ctx->sess == NULL)
 		goto err;
 

app/test-crypto-perf/cperf_test_throughput.c

@@ -195,7 +195,11 @@ cperf_throughput_test_constructor(uint8_t dev_id, uint16_t qp_id,
 	ctx->options = options;
 	ctx->test_vector = test_vector;
 
-	ctx->sess = op_fns->sess_create(dev_id, options, test_vector);
+	/* IV goes at the end of the cryptop operation */
+	uint16_t iv_offset = sizeof(struct rte_crypto_op) +
+		sizeof(struct rte_crypto_sym_op);
+
+	ctx->sess = op_fns->sess_create(dev_id, options, test_vector, iv_offset);
 	if (ctx->sess == NULL)
 		goto err;
 

app/test-crypto-perf/cperf_test_vectors.c

@@ -1,3 +1,35 @@
+/*-
+ *   BSD LICENSE
+ *
+ *   Copyright(c) 2016-2017 Intel Corporation. All rights reserved.
+ *
+ *   Redistribution and use in source and binary forms, with or without
+ *   modification, are permitted provided that the following conditions
+ *   are met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *     * Neither the name of Intel Corporation nor the names of its
+ *       contributors may be used to endorse or promote products derived
+ *       from this software without specific prior written permission.
+ *
+ *   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ *   "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ *   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ *   A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ *   OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ *   SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ *   LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ *   DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ *   THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ *   (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ *   OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
 #include <rte_crypto.h>
 #include <rte_malloc.h>
 
@@ -423,7 +455,16 @@ cperf_test_vector_get_dummy(struct cperf_options *options)
 			memcpy(t_vec->iv.data, iv, options->cipher_iv_sz);
 		}
 		t_vec->ciphertext.length = options->max_buffer_size;
+		/* Set IV parameters */
+		t_vec->iv.data = rte_malloc(NULL, options->cipher_iv_sz,
+					16);
+		if (options->cipher_iv_sz && t_vec->iv.data == NULL) {
+			rte_free(t_vec);
+			return NULL;
+		}
+		memcpy(t_vec->iv.data, iv, options->cipher_iv_sz);
 		t_vec->iv.length = options->cipher_iv_sz;
+
 		t_vec->data.cipher_offset = 0;
 		t_vec->data.cipher_length = options->max_buffer_size;
 	}

app/test-crypto-perf/cperf_test_verify.c

@@ -199,7 +199,11 @@ cperf_verify_test_constructor(uint8_t dev_id, uint16_t qp_id,
 	ctx->options = options;
 	ctx->test_vector = test_vector;
 
-	ctx->sess = op_fns->sess_create(dev_id, options, test_vector);
+	/* IV goes at the end of the cryptop operation */
+	uint16_t iv_offset = sizeof(struct rte_crypto_op) +
+		sizeof(struct rte_crypto_sym_op);
+
+	ctx->sess = op_fns->sess_create(dev_id, options, test_vector, iv_offset);
 	if (ctx->sess == NULL)
 		goto err;
 

doc/guides/prog_guide/cryptodev_lib.rst

@@ -535,11 +535,6 @@ chain.
                 uint32_t offset;
                 uint32_t length;
             } data;   /**< Data offsets and length for ciphering */
-
-            struct {
-                uint16_t offset;
-                uint16_t length;
-            } iv;     /**< Initialisation vector parameters */
         } cipher;
 
         struct {

doc/guides/rel_notes/release_17_08.rst

@@ -92,6 +92,7 @@ New Features
   * Removed field ``rte_crypto_sym_op_sess_type``.
   * Replaced pointer and physical address of IV with offset from the start
     of the crypto operation.
+  * Moved length and offset of cipher IV to ``rte_crypto_cipher_xform``.
 
 * **Reorganized the crypto operation structure.**
 
@@ -191,6 +192,10 @@ ABI Changes
   Some fields have been modified in the ``rte_crypto_op`` and ``rte_crypto_sym_op``
   structures, as described in the `New Features`_ section.
 
+* **Reorganized the ``rte_crypto_sym_cipher_xform`` structure.**
+
+  * Added cipher IV length and offset parameters.
+
 
 Shared Library Versions
 -----------------------

drivers/crypto/aesni_gcm/aesni_gcm_pmd.c

@@ -104,6 +104,17 @@ aesni_gcm_set_session_parameters(struct aesni_gcm_session *sess,
 		return -EINVAL;
 	}
 
+	/* Set IV parameters */
+	sess->iv.offset = cipher_xform->cipher.iv.offset;
+	sess->iv.length = cipher_xform->cipher.iv.length;
+
+	/* IV check */
+	if (sess->iv.length != 16 && sess->iv.length != 12 &&
+			sess->iv.length != 0) {
+		GCM_LOG_ERR("Wrong IV length");
+		return -EINVAL;
+	}
+
 	/* Select Crypto operation */
 	if (cipher_xform->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT &&
 			auth_xform->auth.op == RTE_CRYPTO_AUTH_OP_GENERATE)
@@ -221,20 +232,13 @@ process_gcm_crypto_op(struct rte_crypto_op *op,
 
 	src = rte_pktmbuf_mtod_offset(m_src, uint8_t *, offset);
 
-	/* sanity checks */
-	if (sym_op->cipher.iv.length != 16 && sym_op->cipher.iv.length != 12 &&
-			sym_op->cipher.iv.length != 0) {
-		GCM_LOG_ERR("iv");
-		return -1;
-	}
-
 	iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
-				sym_op->cipher.iv.offset);
+				session->iv.offset);
 	/*
 	 * GCM working in 12B IV mode => 16B pre-counter block we need
 	 * to set BE LSB to 1, driver expects that 16B is allocated
 	 */
-	if (sym_op->cipher.iv.length == 12) {
+	if (session->iv.length == 12) {
 		uint32_t *iv_padd = (uint32_t *)&(iv_ptr[12]);
 		*iv_padd = rte_bswap32(1);
 	}

drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h

@@ -90,6 +90,11 @@ enum aesni_gcm_key {
 
 /** AESNI GCM private session structure */
 struct aesni_gcm_session {
+	struct {
+		uint16_t length;
+		uint16_t offset;
+	} iv;
+	/**< IV parameters */
 	enum aesni_gcm_operation op;
 	/**< GCM operation type */
 	enum aesni_gcm_key key;

drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c

@@ -246,6 +246,10 @@ aesni_mb_set_session_cipher_parameters(const struct aesni_mb_op_fns *mb_ops,
 		return -1;
 	}
 
+	/* Set IV parameters */
+	sess->iv.offset = xform->cipher.iv.offset;
+	sess->iv.length = xform->cipher.iv.length;
+
 	/* Expanded cipher keys */
 	(*aes_keyexp_fn)(xform->cipher.key.data,
 			sess->cipher.expanded_aes_keys.encode,
@@ -300,6 +304,9 @@ aesni_mb_set_session_parameters(const struct aesni_mb_op_fns *mb_ops,
 		return -1;
 	}
 
+	/* Default IV length = 0 */
+	sess->iv.length = 0;
+
 	if (aesni_mb_set_session_auth_parameters(mb_ops, sess, auth_xform)) {
 		MB_LOG_ERR("Invalid/unsupported authentication parameters");
 		return -1;
@@ -472,8 +479,8 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,
 
 	/* Set IV parameters */
 	job->iv = rte_crypto_op_ctod_offset(op, uint8_t *,
-			op->sym->cipher.iv.offset);
-	job->iv_len_in_bytes = op->sym->cipher.iv.length;
+			session->iv.offset);
+	job->iv_len_in_bytes = session->iv.length;
 
 	/* Data  Parameter */
 	job->src = rte_pktmbuf_mtod(m_src, uint8_t *);

drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h

@@ -167,6 +167,11 @@ struct aesni_mb_qp {
 /** AES-NI multi-buffer private session structure */
 struct aesni_mb_session {
 	JOB_CHAIN_ORDER chain_order;
+	struct {
+		uint16_t length;
+		uint16_t offset;
+	} iv;
+	/**< IV parameters */
 
 	/** Cipher Parameters */
 	struct {

drivers/crypto/armv8/rte_armv8_pmd.c

@@ -432,7 +432,7 @@ armv8_crypto_set_session_chained_parameters(struct armv8_crypto_session *sess,
 	case RTE_CRYPTO_CIPHER_AES_CBC:
 		sess->cipher.algo = calg;
 		/* IV len is always 16 bytes (block size) for AES CBC */
-		sess->cipher.iv_len = 16;
+		sess->cipher.iv.length = 16;
 		break;
 	default:
 		return -EINVAL;
@@ -523,6 +523,9 @@ armv8_crypto_set_session_parameters(struct armv8_crypto_session *sess,
 		return -EINVAL;
 	}
 
+	/* Set IV offset */
+	sess->cipher.iv.offset = cipher_xform->cipher.iv.offset;
+
 	if (is_chained_op) {
 		ret = armv8_crypto_set_session_chained_parameters(sess,
 						cipher_xform, auth_xform);
@@ -649,13 +652,8 @@ process_armv8_chained_op
 				op->sym->auth.digest.length);
 	}
 
-	if (unlikely(op->sym->cipher.iv.length != sess->cipher.iv_len)) {
-		op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
-		return;
-	}
-
 	arg.cipher.iv = rte_crypto_op_ctod_offset(op, uint8_t *,
-					op->sym->cipher.iv.offset);
+					sess->cipher.iv.offset);
 	arg.cipher.key = sess->cipher.key.data;
 	/* Acquire combined mode function */
 	crypto_func = sess->crypto_func;

drivers/crypto/armv8/rte_armv8_pmd_private.h

@@ -159,8 +159,11 @@ struct armv8_crypto_session {
 		/**< cipher operation direction */
 		enum rte_crypto_cipher_algorithm algo;
 		/**< cipher algorithm */
-		int iv_len;
-		/**< IV length */
+		struct {
+			uint16_t length;
+			uint16_t offset;
+		} iv;
+		/**< IV parameters */
 
 		struct {
 			uint8_t data[256];