From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 07828A0598; Tue, 21 Apr 2020 18:57:03 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 315751D51D; Tue, 21 Apr 2020 18:57:03 +0200 (CEST) Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) by dpdk.org (Postfix) with ESMTP id BAE941D445 for ; Tue, 21 Apr 2020 18:57:00 +0200 (CEST) IronPort-SDR: WxLIxinC2c/QkCM+pnACTefRNVelDrx/X6xPLbKils+kbA8WfgeD/Taw2R/DjzhxEPQOaszp9j BTEUDfMh8glA== X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga004.jf.intel.com ([10.7.209.38]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Apr 2020 09:56:59 -0700 IronPort-SDR: +/I3jxUfFyzVybtR/2OdmgVMH4jrVaDzDKtEbc6h33dgk/XSPm3COWFnCx9igAyDwetXm1w6dS JdFDN/R3v0sQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.72,411,1580803200"; d="scan'208";a="402248274" Received: from silpixa00399593.ir.intel.com (HELO silpixa00399593.ger.corp.intel.com) ([10.237.223.21]) by orsmga004.jf.intel.com with ESMTP; 21 Apr 2020 09:56:57 -0700 From: Pablo de Lara To: dev@dpdk.org Cc: Pablo de Lara Date: Tue, 21 Apr 2020 17:56:53 +0100 Message-Id: <1587488214-68422-1-git-send-email-pablo.de.lara.guarch@intel.com> X-Mailer: git-send-email 2.7.5 Subject: [dpdk-dev] [PATCH 1/2] crypto/zuc: support IPSec Multi-buffer lib v0.54 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" The latest version of the Intel IPSec Multi-buffer library adds an API to authenticate multiple buffers in parallel. The PMD is modified to use this API, improving performance of the ZUC-EIA3 algorithm. Signed-off-by: Pablo de Lara --- doc/guides/cryptodevs/zuc.rst | 6 +-- doc/guides/rel_notes/release_20_05.rst | 7 ++++ drivers/crypto/zuc/rte_zuc_pmd.c | 72 ++++++++++++++++++++++++++++++++++ 3 files changed, 82 insertions(+), 3 deletions(-) diff --git a/doc/guides/cryptodevs/zuc.rst b/doc/guides/cryptodevs/zuc.rst index 38ea999..c384f3d 100644 --- a/doc/guides/cryptodevs/zuc.rst +++ b/doc/guides/cryptodevs/zuc.rst @@ -35,8 +35,8 @@ Installation To build DPDK with the ZUC_PMD the user is required to download the multi-buffer library from `here `_ and compile it on their user system before building DPDK. -The latest version of the library supported by this PMD is v0.53, which -can be downloaded from ``_. +The latest version of the library supported by this PMD is v0.54, which +can be downloaded from ``_. After downloading the library, the user needs to unpack and compile it on their system before building DPDK: @@ -63,7 +63,7 @@ and the external crypto libraries supported by them: DPDK version Crypto library version ============= ================================ 16.11 - 19.11 LibSSO ZUC - 20.02+ Multi-buffer library 0.53 + 20.02+ Multi-buffer library 0.53 - 0.54 ============= ================================ diff --git a/doc/guides/rel_notes/release_20_05.rst b/doc/guides/rel_notes/release_20_05.rst index 0cf026a..cd98c1c 100644 --- a/doc/guides/rel_notes/release_20_05.rst +++ b/doc/guides/rel_notes/release_20_05.rst @@ -84,6 +84,13 @@ New Features * Added support for intel-ipsec-mb version 0.54. +* **Updated the ZUC crypto PMD.** + + * Added support for intel-ipsec-mb version 0.54. + * Updated the PMD to support Multi-buffer ZUC-EIA3, + improving performance significantly, when using + intel-ipsec-mb version 0.54 + * **Added QAT intermediate buffer too small handling in QAT compression PMD.** Added a special way of buffer handling when internal QAT intermediate buffer diff --git a/drivers/crypto/zuc/rte_zuc_pmd.c b/drivers/crypto/zuc/rte_zuc_pmd.c index 17926b4..463b5cd 100644 --- a/drivers/crypto/zuc/rte_zuc_pmd.c +++ b/drivers/crypto/zuc/rte_zuc_pmd.c @@ -232,6 +232,63 @@ process_zuc_cipher_op(struct zuc_qp *qp, struct rte_crypto_op **ops, } /** Generate/verify hash from mbufs. */ +#if IMB_VERSION_NUM >= IMB_VERSION(0, 53, 3) +static int +process_zuc_hash_op_mb(struct zuc_qp *qp, struct rte_crypto_op **ops, + struct zuc_session **sessions, + uint8_t num_ops) +{ + unsigned int i; + uint8_t processed_ops = 0; + uint8_t *src[ZUC_MAX_BURST]; + uint32_t *dst[ZUC_MAX_BURST]; + uint32_t length_in_bits[ZUC_MAX_BURST]; + uint8_t *iv[ZUC_MAX_BURST]; + const void *hash_keys[ZUC_MAX_BURST]; + struct zuc_session *sess; + + for (i = 0; i < num_ops; i++) { + /* Data must be byte aligned */ + if ((ops[i]->sym->auth.data.offset % BYTE_LEN) != 0) { + ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS; + ZUC_LOG(ERR, "Offset"); + break; + } + + sess = sessions[i]; + + length_in_bits[i] = ops[i]->sym->auth.data.length; + + src[i] = rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) + + (ops[i]->sym->auth.data.offset >> 3); + iv[i] = rte_crypto_op_ctod_offset(ops[i], uint8_t *, + sess->auth_iv_offset); + + hash_keys[i] = sess->pKey_hash; + if (sess->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) + dst[i] = (uint32_t *)qp->temp_digest; + else + dst[i] = (uint32_t *)ops[i]->sym->auth.digest.data; + + processed_ops++; + } + + IMB_ZUC_EIA3_N_BUFFER(qp->mb_mgr, (const void **)hash_keys, + (const void **)iv, (const void **)src, length_in_bits, + dst, processed_ops); + + /* + * If tag needs to be verified, compare generated tag + * with attached tag + */ + for (i = 0; i < processed_ops; i++) + if (sessions[i]->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) + if (memcmp(dst[i], ops[i]->sym->auth.digest.data, + ZUC_DIGEST_LENGTH) != 0) + ops[i]->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; + return processed_ops; +} +#else static int process_zuc_hash_op(struct zuc_qp *qp, struct rte_crypto_op **ops, struct zuc_session **sessions, @@ -284,6 +341,7 @@ process_zuc_hash_op(struct zuc_qp *qp, struct rte_crypto_op **ops, return processed_ops; } +#endif /** Process a batch of crypto ops which shares the same operation type. */ static int @@ -301,17 +359,31 @@ process_ops(struct rte_crypto_op **ops, enum zuc_operation op_type, sessions, num_ops); break; case ZUC_OP_ONLY_AUTH: +#if IMB_VERSION_NUM >= IMB_VERSION(0, 53, 3) + processed_ops = process_zuc_hash_op_mb(qp, ops, sessions, + num_ops); +#else processed_ops = process_zuc_hash_op(qp, ops, sessions, num_ops); +#endif break; case ZUC_OP_CIPHER_AUTH: processed_ops = process_zuc_cipher_op(qp, ops, sessions, num_ops); +#if IMB_VERSION_NUM >= IMB_VERSION(0, 53, 3) + process_zuc_hash_op_mb(qp, ops, sessions, processed_ops); +#else process_zuc_hash_op(qp, ops, sessions, processed_ops); +#endif break; case ZUC_OP_AUTH_CIPHER: +#if IMB_VERSION_NUM >= IMB_VERSION(0, 53, 3) + processed_ops = process_zuc_hash_op_mb(qp, ops, sessions, + num_ops); +#else processed_ops = process_zuc_hash_op(qp, ops, sessions, num_ops); +#endif process_zuc_cipher_op(qp, ops, sessions, processed_ops); break; default: -- 2.7.5