DPDK patches and discussions
 help / color / mirror / Atom feed
* [dpdk-dev] [PATCH 0/3] Use Intel IPSec MB library in Wireless PMDs
@ 2019-12-11 14:20 Pablo de Lara
  2019-12-11 14:20 ` [dpdk-dev] [PATCH 1/3] crypto/zuc: use IPSec library Pablo de Lara
                   ` (3 more replies)
  0 siblings, 4 replies; 21+ messages in thread
From: Pablo de Lara @ 2019-12-11 14:20 UTC (permalink / raw)
  To: akhil.goyal, declan.doherty; +Cc: dev, Pablo de Lara

The three Intel SW Crypto PMDs supporting SNOW3G, ZUC and KASUMI
link against libSSO libraries.
The Intel IPSec Multi-buffer library recently integrated the code
from these libraries, in version v0.53. This library can be
downloaded from https://github.com/intel/intel-ipsec-mb.

KASUMI, SNOW3G and ZUC PMDs have been modified to use this single library,
which is already used in the AESNI MB and AESNI GCM PMDs,
reducing the number of external dependencies in the crypto PMDs.

Pablo de Lara (3):
  crypto/zuc: use IPSec library
  crypto/kasumi: use IPSec library
  crypto/snow3g: use IPSec library

 devtools/test-build.sh                     | 16 ++----
 doc/guides/cryptodevs/kasumi.rst           | 62 ++++++++++++----------
 doc/guides/cryptodevs/snow3g.rst           | 58 +++++++++++---------
 doc/guides/cryptodevs/zuc.rst              | 52 ++++++++++--------
 doc/guides/rel_notes/release_20_02.rst     | 17 ++++++
 drivers/crypto/kasumi/Makefile             | 26 +++++----
 drivers/crypto/kasumi/kasumi_pmd_private.h | 12 +++--
 drivers/crypto/kasumi/meson.build          | 24 ++++++---
 drivers/crypto/kasumi/rte_kasumi_pmd.c     | 79 +++++++++++++++------------
 drivers/crypto/kasumi/rte_kasumi_pmd_ops.c |  8 ++-
 drivers/crypto/snow3g/Makefile             | 29 ++++++----
 drivers/crypto/snow3g/meson.build          | 21 ++++++--
 drivers/crypto/snow3g/rte_snow3g_pmd.c     | 85 ++++++++++++++++++------------
 drivers/crypto/snow3g/rte_snow3g_pmd_ops.c |  8 ++-
 drivers/crypto/snow3g/snow3g_pmd_private.h | 14 +++--
 drivers/crypto/zuc/Makefile                | 28 ++++++----
 drivers/crypto/zuc/meson.build             | 24 ++++++---
 drivers/crypto/zuc/rte_zuc_pmd.c           | 43 ++++++++++-----
 drivers/crypto/zuc/rte_zuc_pmd_ops.c       |  2 +
 drivers/crypto/zuc/zuc_pmd_private.h       |  6 ++-
 mk/rte.app.mk                              |  6 +--
 21 files changed, 388 insertions(+), 232 deletions(-)

-- 
2.7.5


^ permalink raw reply	[flat|nested] 21+ messages in thread

* [dpdk-dev] [PATCH 1/3] crypto/zuc: use IPSec library
  2019-12-11 14:20 [dpdk-dev] [PATCH 0/3] Use Intel IPSec MB library in Wireless PMDs Pablo de Lara
@ 2019-12-11 14:20 ` Pablo de Lara
  2019-12-11 14:20 ` [dpdk-dev] [PATCH 2/3] crypto/kasumi: " Pablo de Lara
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 21+ messages in thread
From: Pablo de Lara @ 2019-12-11 14:20 UTC (permalink / raw)
  To: akhil.goyal, declan.doherty; +Cc: dev, Pablo de Lara

Link against Intel IPSec Multi-buffer library, which
added support for ZUC-EEA3 and ZUC-EIA3 from version v0.53,
moving from libSSO ZUC library.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 devtools/test-build.sh                 |  6 ++--
 doc/guides/cryptodevs/zuc.rst          | 52 ++++++++++++++++++++--------------
 doc/guides/rel_notes/release_20_02.rst |  7 +++++
 drivers/crypto/zuc/Makefile            | 28 +++++++++++-------
 drivers/crypto/zuc/meson.build         | 24 ++++++++++++----
 drivers/crypto/zuc/rte_zuc_pmd.c       | 43 +++++++++++++++++++---------
 drivers/crypto/zuc/rte_zuc_pmd_ops.c   |  2 ++
 drivers/crypto/zuc/zuc_pmd_private.h   |  6 +++-
 mk/rte.app.mk                          |  2 +-
 9 files changed, 113 insertions(+), 57 deletions(-)

diff --git a/devtools/test-build.sh b/devtools/test-build.sh
index be565a1..afa0748 100755
--- a/devtools/test-build.sh
+++ b/devtools/test-build.sh
@@ -29,7 +29,6 @@ default_path=$PATH
 # - LIBMUSDK_PATH
 # - LIBSSO_SNOW3G_PATH
 # - LIBSSO_KASUMI_PATH
-# - LIBSSO_ZUC_PATH
 . $(dirname $(readlink -f $0))/load-devel-config
 
 print_usage () {
@@ -123,7 +122,6 @@ reset_env ()
 	unset LIBMUSDK_PATH
 	unset LIBSSO_SNOW3G_PATH
 	unset LIBSSO_KASUMI_PATH
-	unset LIBSSO_ZUC_PATH
 	unset PQOS_INSTALL_PATH
 }
 
@@ -183,12 +181,12 @@ config () # <directory> <target> <options>
 		sed -ri=""       's,(PMD_AESNI_MB=)n,\1y,' $1/.config
 		test "$DPDK_DEP_IPSEC_MB" != y || \
 		sed -ri=""      's,(PMD_AESNI_GCM=)n,\1y,' $1/.config
+		test "$DPDK_DEP_IPSEC_MB" != y || \
+		sed -ri=""            's,(PMD_ZUC=)n,\1y,' $1/.config
 		test -z "$LIBSSO_SNOW3G_PATH" || \
 		sed -ri=""         's,(PMD_SNOW3G=)n,\1y,' $1/.config
 		test -z "$LIBSSO_KASUMI_PATH" || \
 		sed -ri=""         's,(PMD_KASUMI=)n,\1y,' $1/.config
-		test -z "$LIBSSO_ZUC_PATH" || \
-		sed -ri=""            's,(PMD_ZUC=)n,\1y,' $1/.config
 		test "$DPDK_DEP_SSL" != y || \
 		sed -ri=""            's,(PMD_CCP=)n,\1y,' $1/.config
 		test "$DPDK_DEP_SSL" != y || \
diff --git a/doc/guides/cryptodevs/zuc.rst b/doc/guides/cryptodevs/zuc.rst
index 002e986..23d618d 100644
--- a/doc/guides/cryptodevs/zuc.rst
+++ b/doc/guides/cryptodevs/zuc.rst
@@ -1,12 +1,12 @@
 ..  SPDX-License-Identifier: BSD-3-Clause
-    Copyright(c) 2016 Intel Corporation.
+    Copyright(c) 2016-2019 Intel Corporation.
 
 ZUC Crypto Poll Mode Driver
 ===========================
 
-The ZUC PMD (**librte_pmd_zuc**) provides poll mode crypto driver
-support for utilizing Intel Libsso library, which implements F8 and F9 functions
-for ZUC EEA3 cipher and EIA3 hash algorithms.
+The ZUC PMD (**librte_pmd_zuc**) provides poll mode crypto driver support for
+utilizing `Intel IPSec Multi-buffer library <https://github.com/01org/intel-ipsec-mb>`_
+which implements F8 and F9 functions for ZUC EEA3 cipher and EIA3 hash algorithms.
 
 Features
 --------
@@ -27,36 +27,46 @@ Limitations
 * Chained mbufs are not supported.
 * ZUC (EIA3) supported only if hash offset field is byte-aligned.
 * ZUC (EEA3) supported only if cipher length, cipher offset fields are byte-aligned.
-* ZUC PMD cannot be built as a shared library, due to limitations in
-  the underlying library.
 
 
 Installation
 ------------
 
-To build DPDK with the ZUC_PMD the user is required to download
-the export controlled ``libsso_zuc`` library, by registering in
-`Intel Resource & Design Center <https://www.intel.com/content/www/us/en/design/resource-design-center.html>`_.
-Once approval has been granted, the user needs to search for
-*ZUC 128-EAA3 and 128-EIA3 3GPP cryptographic algorithms Software Library* to download the
-library or directly through this `link <https://cdrdv2.intel.com/v1/dl/getContent/575868>`_.
+To build DPDK with the ZUC_PMD the user is required to download the multi-buffer
+library from `here <https://github.com/01org/intel-ipsec-mb>`_
+and compile it on their user system before building DPDK.
+The latest version of the library supported by this PMD is v0.53, which
+can be downloaded from `<https://github.com/01org/intel-ipsec-mb/archive/v0.53.zip>`_.
+
 After downloading the library, the user needs to unpack and compile it
-on their system before building DPDK::
+on their system before building DPDK:
+
+.. code-block:: console
+
+    make
+    make install
+
+As a reference, the following table shows a mapping between the past DPDK versions
+and the external crypto libraries supported by them:
+
+.. _table_zuc_versions:
+
+.. table:: DPDK and external crypto library version compatibility
+
+   =============  ================================
+   DPDK version   Crypto library version
+   =============  ================================
+   16.11 - 19.11  LibSSO ZUC
+   20.02+         Multi-buffer library 0.53
+   =============  ================================
 
-   make
 
 Initialization
 --------------
 
 In order to enable this virtual crypto PMD, user must:
 
-* Export the environmental variable LIBSSO_ZUC_PATH with the path where
-  the library was extracted (zuc folder).
-
-* Export the environmental variable LD_LIBRARY_PATH with the path
-  where the built libsso library is (LIBSSO_ZUC_PATH/build).
-
-* Build the LIBSSO_ZUC library (explained in Installation section).
+* Build the multi buffer library (explained in Installation section).
 
 * Build DPDK as follows:
 
diff --git a/doc/guides/rel_notes/release_20_02.rst b/doc/guides/rel_notes/release_20_02.rst
index 0eaa45a..4216e0b 100644
--- a/doc/guides/rel_notes/release_20_02.rst
+++ b/doc/guides/rel_notes/release_20_02.rst
@@ -56,6 +56,13 @@ New Features
      Also, make sure to start the actual text at the margin.
      =========================================================
 
+* **Updated the ZUC PMD.**
+
+  * Transistioned underlying library from libSSO ZUC to intel-ipsec-mb
+    library (minimum version required 0.53).
+  * Removed dynamic library limitation, so PMD can be built as a shared
+    object now.
+
 
 Removed Items
 -------------
diff --git a/drivers/crypto/zuc/Makefile b/drivers/crypto/zuc/Makefile
index a01bb6e..b50883b 100644
--- a/drivers/crypto/zuc/Makefile
+++ b/drivers/crypto/zuc/Makefile
@@ -1,14 +1,8 @@
 # SPDX-License-Identifier: BSD-3-Clause
-# Copyright(c) 2016 Intel Corporation
+# Copyright(c) 2016-2019 Intel Corporation
 
 include $(RTE_SDK)/mk/rte.vars.mk
 
-ifneq ($(MAKECMDGOALS),clean)
-ifeq ($(LIBSSO_ZUC_PATH),)
-$(error "Please define LIBSSO_ZUC_PATH environment variable")
-endif
-endif
-
 # library name
 LIB = librte_pmd_zuc.a
 
@@ -21,14 +15,26 @@ CFLAGS += -DALLOW_EXPERIMENTAL_API
 EXPORT_MAP := rte_pmd_zuc_version.map
 
 # external library dependencies
-CFLAGS += -I$(LIBSSO_ZUC_PATH)
-CFLAGS += -I$(LIBSSO_ZUC_PATH)/include
-CFLAGS += -I$(LIBSSO_ZUC_PATH)/build
-LDLIBS += -L$(LIBSSO_ZUC_PATH)/build -lsso_zuc
+LDLIBS += -lIPSec_MB
 LDLIBS += -lrte_eal -lrte_mbuf -lrte_mempool -lrte_ring
 LDLIBS += -lrte_cryptodev
 LDLIBS += -lrte_bus_vdev
 
+IMB_HDR = $(shell echo '\#include <intel-ipsec-mb.h>' | \
+	$(CC) -E $(EXTRA_CFLAGS) - | grep 'intel-ipsec-mb.h' | \
+	head -n1 | cut -d'"' -f2)
+
+# Detect library version
+IMB_VERSION = $(shell grep -e "IMB_VERSION_STR" $(IMB_HDR) | cut -d'"' -f2)
+IMB_VERSION_NUM = $(shell grep -e "IMB_VERSION_NUM" $(IMB_HDR) | cut -d' ' -f3)
+
+ifeq ($(IMB_VERSION),)
+$(error "IPSec_MB version >= 0.53 is required")
+endif
+
+ifeq ($(shell expr $(IMB_VERSION_NUM) \< 0x3400), 1)
+$(error "IPSec_MB version >= 0.53 is required")
+endif
 # library source files
 SRCS-$(CONFIG_RTE_LIBRTE_PMD_ZUC) += rte_zuc_pmd.c
 SRCS-$(CONFIG_RTE_LIBRTE_PMD_ZUC) += rte_zuc_pmd_ops.c
diff --git a/drivers/crypto/zuc/meson.build b/drivers/crypto/zuc/meson.build
index b231de0..b7098a3 100644
--- a/drivers/crypto/zuc/meson.build
+++ b/drivers/crypto/zuc/meson.build
@@ -1,14 +1,26 @@
 # SPDX-License-Identifier: BSD-3-Clause
-# Copyright(c) 2018 Intel Corporation
+# Copyright(c) 2018-2019 Intel Corporation
 
-lib = cc.find_library('sso_zuc', required: false)
-if not lib.found() or not cc.has_header('sso_zuc.h')
+IMB_required_ver = '0.53.0'
+lib = cc.find_library('IPSec_MB', required: false)
+if not lib.found()
 	build = false
-	reason = 'missing dependency, "libsso_zuc"'
-	subdir_done()
+	reason = 'missing dependency, "libIPSec_MB"'
+else
+	ext_deps += lib
+
+	# version comes with quotes, so we split based on " and take the middle
+	imb_ver = cc.get_define('IMB_VERSION_STR',
+		prefix : '#include<intel-ipsec-mb.h>').split('"')[1]
+
+	if (imb_ver == '') or (imb_ver.version_compare('<' + IMB_required_ver))
+		message('IPSec_MB version >= @0@ is required, found version @1@'.format(
+				IMB_required_ver, imb_ver))
+		build = false
+	endif
+
 endif
 
 allow_experimental_apis = true
-ext_deps += lib
 sources = files('rte_zuc_pmd.c', 'rte_zuc_pmd_ops.c')
 deps += ['bus_vdev']
diff --git a/drivers/crypto/zuc/rte_zuc_pmd.c b/drivers/crypto/zuc/rte_zuc_pmd.c
index 8e214cd..afa288b 100644
--- a/drivers/crypto/zuc/rte_zuc_pmd.c
+++ b/drivers/crypto/zuc/rte_zuc_pmd.c
@@ -170,7 +170,7 @@ zuc_get_session(struct zuc_qp *qp, struct rte_crypto_op *op)
 
 /** Encrypt/decrypt mbufs. */
 static uint8_t
-process_zuc_cipher_op(struct rte_crypto_op **ops,
+process_zuc_cipher_op(struct zuc_qp *qp, struct rte_crypto_op **ops,
 		struct zuc_session **sessions,
 		uint8_t num_ops)
 {
@@ -222,7 +222,8 @@ process_zuc_cipher_op(struct rte_crypto_op **ops,
 		processed_ops++;
 	}
 
-	sso_zuc_eea3_n_buffer(cipher_keys, iv, src, dst,
+	IMB_ZUC_EEA3_N_BUFFER(qp->mb_mgr, (const void **)cipher_keys,
+			(const void **)iv, (const void **)src, (void **)dst,
 			num_bytes, processed_ops);
 
 	return processed_ops;
@@ -262,7 +263,7 @@ process_zuc_hash_op(struct zuc_qp *qp, struct rte_crypto_op **ops,
 		if (sess->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) {
 			dst = (uint32_t *)qp->temp_digest;
 
-			sso_zuc_eia3_1_buffer(sess->pKey_hash,
+			IMB_ZUC_EIA3_1_BUFFER(qp->mb_mgr, sess->pKey_hash,
 					iv, src,
 					length_in_bits,	dst);
 			/* Verify digest. */
@@ -272,7 +273,7 @@ process_zuc_hash_op(struct zuc_qp *qp, struct rte_crypto_op **ops,
 		} else  {
 			dst = (uint32_t *)ops[i]->sym->auth.digest.data;
 
-			sso_zuc_eia3_1_buffer(sess->pKey_hash,
+			IMB_ZUC_EIA3_1_BUFFER(qp->mb_mgr, sess->pKey_hash,
 					iv, src,
 					length_in_bits, dst);
 		}
@@ -294,7 +295,7 @@ process_ops(struct rte_crypto_op **ops, enum zuc_operation op_type,
 
 	switch (op_type) {
 	case ZUC_OP_ONLY_CIPHER:
-		processed_ops = process_zuc_cipher_op(ops,
+		processed_ops = process_zuc_cipher_op(qp, ops,
 				sessions, num_ops);
 		break;
 	case ZUC_OP_ONLY_AUTH:
@@ -302,14 +303,14 @@ process_ops(struct rte_crypto_op **ops, enum zuc_operation op_type,
 				num_ops);
 		break;
 	case ZUC_OP_CIPHER_AUTH:
-		processed_ops = process_zuc_cipher_op(ops, sessions,
+		processed_ops = process_zuc_cipher_op(qp, ops, sessions,
 				num_ops);
 		process_zuc_hash_op(qp, ops, sessions, processed_ops);
 		break;
 	case ZUC_OP_AUTH_CIPHER:
 		processed_ops = process_zuc_hash_op(qp, ops, sessions,
 				num_ops);
-		process_zuc_cipher_op(ops, sessions, processed_ops);
+		process_zuc_cipher_op(qp, ops, sessions, processed_ops);
 		break;
 	default:
 		/* Operation not supported. */
@@ -457,8 +458,7 @@ cryptodev_zuc_create(const char *name,
 {
 	struct rte_cryptodev *dev;
 	struct zuc_private *internals;
-	uint64_t cpu_flags = RTE_CRYPTODEV_FF_CPU_SSE;
-
+	MB_MGR *mb_mgr;
 
 	dev = rte_cryptodev_pmd_create(name, &vdev->device, init_params);
 	if (dev == NULL) {
@@ -466,6 +466,21 @@ cryptodev_zuc_create(const char *name,
 		goto init_error;
 	}
 
+	dev->feature_flags = RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO |
+			RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING;
+
+	mb_mgr = alloc_mb_mgr(0);
+	if (mb_mgr == NULL)
+		return -ENOMEM;
+
+	if (rte_cpu_get_flag_enabled(RTE_CPUFLAG_AVX)) {
+		dev->feature_flags |= RTE_CRYPTODEV_FF_CPU_AVX;
+		init_mb_mgr_avx(mb_mgr);
+	} else {
+		dev->feature_flags |= RTE_CRYPTODEV_FF_CPU_SSE;
+		init_mb_mgr_sse(mb_mgr);
+	}
+
 	dev->driver_id = cryptodev_driver_id;
 	dev->dev_ops = rte_zuc_pmd_ops;
 
@@ -473,11 +488,8 @@ cryptodev_zuc_create(const char *name,
 	dev->dequeue_burst = zuc_pmd_dequeue_burst;
 	dev->enqueue_burst = zuc_pmd_enqueue_burst;
 
-	dev->feature_flags = RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO |
-			RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING |
-			cpu_flags;
-
 	internals = dev->data->dev_private;
+	internals->mb_mgr = mb_mgr;
 
 	internals->max_nb_queue_pairs = init_params->max_nb_queue_pairs;
 
@@ -518,6 +530,7 @@ cryptodev_zuc_remove(struct rte_vdev_device *vdev)
 
 	struct rte_cryptodev *cryptodev;
 	const char *name;
+	struct zuc_private *internals;
 
 	name = rte_vdev_device_name(vdev);
 	if (name == NULL)
@@ -527,6 +540,10 @@ cryptodev_zuc_remove(struct rte_vdev_device *vdev)
 	if (cryptodev == NULL)
 		return -ENODEV;
 
+	internals = cryptodev->data->dev_private;
+
+	free_mb_mgr(internals->mb_mgr);
+
 	return rte_cryptodev_pmd_destroy(cryptodev);
 }
 
diff --git a/drivers/crypto/zuc/rte_zuc_pmd_ops.c b/drivers/crypto/zuc/rte_zuc_pmd_ops.c
index 62f8c6c..ddd0f92 100644
--- a/drivers/crypto/zuc/rte_zuc_pmd_ops.c
+++ b/drivers/crypto/zuc/rte_zuc_pmd_ops.c
@@ -201,6 +201,7 @@ zuc_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 		int socket_id)
 {
 	struct zuc_qp *qp = NULL;
+	struct zuc_private *internals = dev->data->dev_private;
 
 	/* Free memory prior to re-allocation if needed. */
 	if (dev->data->queue_pairs[qp_id] != NULL)
@@ -223,6 +224,7 @@ zuc_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 	if (qp->processed_ops == NULL)
 		goto qp_setup_cleanup;
 
+	qp->mb_mgr = internals->mb_mgr;
 	qp->sess_mp = qp_conf->mp_session;
 	qp->sess_mp_priv = qp_conf->mp_session_private;
 
diff --git a/drivers/crypto/zuc/zuc_pmd_private.h b/drivers/crypto/zuc/zuc_pmd_private.h
index 428efd4..47a8b08 100644
--- a/drivers/crypto/zuc/zuc_pmd_private.h
+++ b/drivers/crypto/zuc/zuc_pmd_private.h
@@ -5,7 +5,7 @@
 #ifndef _ZUC_PMD_PRIVATE_H_
 #define _ZUC_PMD_PRIVATE_H_
 
-#include <sso_zuc.h>
+#include <intel-ipsec-mb.h>
 
 #define CRYPTODEV_NAME_ZUC_PMD		crypto_zuc
 /**< KASUMI PMD device name */
@@ -24,6 +24,8 @@ int zuc_logtype_driver;
 struct zuc_private {
 	unsigned max_nb_queue_pairs;
 	/**< Max number of queue pairs supported by device */
+	MB_MGR *mb_mgr;
+	/**< Multi-buffer instance */
 };
 
 /** ZUC buffer queue pair */
@@ -45,6 +47,8 @@ struct zuc_qp {
 	 * by the driver when verifying a digest provided
 	 * by the user (using authentication verify operation)
 	 */
+	MB_MGR *mb_mgr;
+	/**< Multi-buffer instance */
 } __rte_cache_aligned;
 
 enum zuc_operation {
diff --git a/mk/rte.app.mk b/mk/rte.app.mk
index 05ea034..62724cc 100644
--- a/mk/rte.app.mk
+++ b/mk/rte.app.mk
@@ -272,7 +272,7 @@ _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_SNOW3G)      += -L$(LIBSSO_SNOW3G_PATH)/build -l
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_KASUMI)      += -lrte_pmd_kasumi
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_KASUMI)      += -L$(LIBSSO_KASUMI_PATH)/build -lsso_kasumi
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ZUC)         += -lrte_pmd_zuc
-_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ZUC)         += -L$(LIBSSO_ZUC_PATH)/build -lsso_zuc
+_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ZUC)         += -lIPSec_MB
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ARMV8_CRYPTO)    += -lrte_pmd_armv8
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ARMV8_CRYPTO)    += -L$(ARMV8_CRYPTO_LIB_PATH) -larmv8_crypto
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_MVSAM_CRYPTO) += -L$(LIBMUSDK_PATH)/lib -lrte_pmd_mvsam_crypto -lmusdk
-- 
2.7.5


^ permalink raw reply	[flat|nested] 21+ messages in thread

* [dpdk-dev] [PATCH 2/3] crypto/kasumi: use IPSec library
  2019-12-11 14:20 [dpdk-dev] [PATCH 0/3] Use Intel IPSec MB library in Wireless PMDs Pablo de Lara
  2019-12-11 14:20 ` [dpdk-dev] [PATCH 1/3] crypto/zuc: use IPSec library Pablo de Lara
@ 2019-12-11 14:20 ` Pablo de Lara
  2019-12-11 14:20 ` [dpdk-dev] [PATCH 3/3] crypto/snow3g: " Pablo de Lara
  2020-01-13 11:40 ` [dpdk-dev] [PATCH v2 0/3] Use Intel IPSec MB library in Wireless PMDs Pablo de Lara
  3 siblings, 0 replies; 21+ messages in thread
From: Pablo de Lara @ 2019-12-11 14:20 UTC (permalink / raw)
  To: akhil.goyal, declan.doherty; +Cc: dev, Pablo de Lara

Link against Intel IPSec Multi-buffer library, which
added support for KASUMI-F8 and KASUMI-F9 from version v0.53,
moving from libSSO KASUMI library.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 devtools/test-build.sh                     |  6 +--
 doc/guides/cryptodevs/kasumi.rst           | 62 ++++++++++++-----------
 doc/guides/rel_notes/release_20_02.rst     |  5 ++
 drivers/crypto/kasumi/Makefile             | 26 ++++++----
 drivers/crypto/kasumi/kasumi_pmd_private.h | 12 +++--
 drivers/crypto/kasumi/meson.build          | 24 ++++++---
 drivers/crypto/kasumi/rte_kasumi_pmd.c     | 79 +++++++++++++++++-------------
 drivers/crypto/kasumi/rte_kasumi_pmd_ops.c |  8 ++-
 mk/rte.app.mk                              |  2 +-
 9 files changed, 134 insertions(+), 90 deletions(-)

diff --git a/devtools/test-build.sh b/devtools/test-build.sh
index afa0748..56c744f 100755
--- a/devtools/test-build.sh
+++ b/devtools/test-build.sh
@@ -28,7 +28,6 @@ default_path=$PATH
 # - FLEXRAN_SDK
 # - LIBMUSDK_PATH
 # - LIBSSO_SNOW3G_PATH
-# - LIBSSO_KASUMI_PATH
 . $(dirname $(readlink -f $0))/load-devel-config
 
 print_usage () {
@@ -121,7 +120,6 @@ reset_env ()
 	unset FLEXRAN_SDK
 	unset LIBMUSDK_PATH
 	unset LIBSSO_SNOW3G_PATH
-	unset LIBSSO_KASUMI_PATH
 	unset PQOS_INSTALL_PATH
 }
 
@@ -183,10 +181,10 @@ config () # <directory> <target> <options>
 		sed -ri=""      's,(PMD_AESNI_GCM=)n,\1y,' $1/.config
 		test "$DPDK_DEP_IPSEC_MB" != y || \
 		sed -ri=""            's,(PMD_ZUC=)n,\1y,' $1/.config
+		test "$DPDK_DEP_IPSEC_MB" != y || \
+		sed -ri=""         's,(PMD_KASUMI=)n,\1y,' $1/.config
 		test -z "$LIBSSO_SNOW3G_PATH" || \
 		sed -ri=""         's,(PMD_SNOW3G=)n,\1y,' $1/.config
-		test -z "$LIBSSO_KASUMI_PATH" || \
-		sed -ri=""         's,(PMD_KASUMI=)n,\1y,' $1/.config
 		test "$DPDK_DEP_SSL" != y || \
 		sed -ri=""            's,(PMD_CCP=)n,\1y,' $1/.config
 		test "$DPDK_DEP_SSL" != y || \
diff --git a/doc/guides/cryptodevs/kasumi.rst b/doc/guides/cryptodevs/kasumi.rst
index 2265eee..6c86fe2 100644
--- a/doc/guides/cryptodevs/kasumi.rst
+++ b/doc/guides/cryptodevs/kasumi.rst
@@ -1,12 +1,12 @@
 ..  SPDX-License-Identifier: BSD-3-Clause
-    Copyright(c) 2016 Intel Corporation.
+    Copyright(c) 2016-2019 Intel Corporation.
 
 KASUMI Crypto Poll Mode Driver
 ===============================
 
-The KASUMI PMD (**librte_pmd_kasumi**) provides poll mode crypto driver
-support for utilizing Intel Libsso library, which implements F8 and F9 functions
-for KASUMI UEA1 cipher and UIA1 hash algorithms.
+The KASUMI PMD (**librte_pmd_kasumi**) provides poll mode crypto driver support for
+utilizing `Intel IPSec Multi-buffer library <https://github.com/01org/intel-ipsec-mb>`_
+which implements F8 and F9 functions for KASUMI UEA1 cipher and UIA1 hash algorithms.
 
 Features
 --------
@@ -33,33 +33,33 @@ Limitations
 Installation
 ------------
 
-To build DPDK with the KASUMI_PMD the user is required to download
-the export controlled ``libsso_kasumi`` library, by registering in
-`Intel Resource & Design Center <https://www.intel.com/content/www/us/en/design/resource-design-center.html>`_.
-Once approval has been granted, the user needs to search for
-*Kasumi F8 F9 3GPP cryptographic algorithms Software Library* to download the
-library or directly through this `link <https://cdrdv2.intel.com/v1/dl/getContent/575866>`_.
+To build DPDK with the KASUMI_PMD the user is required to download the multi-buffer
+library from `here <https://github.com/01org/intel-ipsec-mb>`_
+and compile it on their user system before building DPDK.
+The latest version of the library supported by this PMD is v0.53, which
+can be downloaded from `<https://github.com/01org/intel-ipsec-mb/archive/v0.53.zip>`_.
+
 After downloading the library, the user needs to unpack and compile it
-on their system before building DPDK::
+on their system before building DPDK:
+
+.. code-block:: console
 
-   make
+    make
+    make install
 
-**Note**: When encrypting with KASUMI F8, by default the library
-encrypts full blocks of 8 bytes, regardless the number of bytes to
-be encrypted provided (which leads to a possible buffer overflow).
-To avoid this situation, it is necessary not to pass
-3GPP_SAFE_BUFFERS as a compilation flag.
-Also, this is required when using chained operations
-(cipher-then-auth/auth-then-cipher).
-For this, in the Makefile of the library, make sure that this flag
-is commented out::
+As a reference, the following table shows a mapping between the past DPDK versions
+and the external crypto libraries supported by them:
 
-  #EXTRA_CFLAGS  += -D_3GPP_SAFE_BUFFERS
+.. _table_kasumi_versions:
 
-**Note**: To build the PMD as a shared library, the libsso_kasumi
-library must be built as follows::
+.. table:: DPDK and external crypto library version compatibility
 
-  make KASUMI_CFLAGS=-DKASUMI_C
+   =============  ================================
+   DPDK version   Crypto library version
+   =============  ================================
+   16.11 - 19.11  LibSSO KASUMI
+   20.02+         Multi-buffer library 0.53
+   =============  ================================
 
 
 Initialization
@@ -67,12 +67,16 @@ Initialization
 
 In order to enable this virtual crypto PMD, user must:
 
-* Export the environmental variable LIBSSO_KASUMI_PATH with the path where
-  the library was extracted (kasumi folder).
+* Build the multi buffer library (explained in Installation section).
+
+* Build DPDK as follows:
+
+.. code-block:: console
 
-* Build the LIBSSO library (explained in Installation section).
+	make config T=x86_64-native-linux-gcc
+	sed -i 's,\(CONFIG_RTE_LIBRTE_PMD_KASUMI\)=n,\1=y,' build/.config
+	make
 
-* Set CONFIG_RTE_LIBRTE_PMD_KASUMI=y in config/common_base.
 
 To use the PMD in an application, user must:
 
diff --git a/doc/guides/rel_notes/release_20_02.rst b/doc/guides/rel_notes/release_20_02.rst
index 4216e0b..a3f6154 100644
--- a/doc/guides/rel_notes/release_20_02.rst
+++ b/doc/guides/rel_notes/release_20_02.rst
@@ -63,6 +63,11 @@ New Features
   * Removed dynamic library limitation, so PMD can be built as a shared
     object now.
 
+* **Updated the KASUMI PMD.**
+
+  * Transistioned underlying library from libSSO KASUMI to intel-ipsec-mb
+    library (minimum version required 0.53).
+
 
 Removed Items
 -------------
diff --git a/drivers/crypto/kasumi/Makefile b/drivers/crypto/kasumi/Makefile
index 26f5137..c94d6bd 100644
--- a/drivers/crypto/kasumi/Makefile
+++ b/drivers/crypto/kasumi/Makefile
@@ -3,12 +3,6 @@
 
 include $(RTE_SDK)/mk/rte.vars.mk
 
-ifneq ($(MAKECMDGOALS),clean)
-ifeq ($(LIBSSO_KASUMI_PATH),)
-$(error "Please define LIBSSO_KASUMI_PATH environment variable")
-endif
-endif
-
 # library name
 LIB = librte_pmd_kasumi.a
 
@@ -21,14 +15,26 @@ CFLAGS += -DALLOW_EXPERIMENTAL_API
 EXPORT_MAP := rte_pmd_kasumi_version.map
 
 # external library dependencies
-CFLAGS += -I$(LIBSSO_KASUMI_PATH)
-CFLAGS += -I$(LIBSSO_KASUMI_PATH)/include
-CFLAGS += -I$(LIBSSO_KASUMI_PATH)/build
-LDLIBS += -L$(LIBSSO_KASUMI_PATH)/build -lsso_kasumi
+LDLIBS += -lIPSec_MB
 LDLIBS += -lrte_eal -lrte_mbuf -lrte_mempool -lrte_ring
 LDLIBS += -lrte_cryptodev
 LDLIBS += -lrte_bus_vdev
 
+IMB_HDR = $(shell echo '\#include <intel-ipsec-mb.h>' | \
+	$(CC) -E $(EXTRA_CFLAGS) - | grep 'intel-ipsec-mb.h' | \
+	head -n1 | cut -d'"' -f2)
+
+# Detect library version
+IMB_VERSION = $(shell grep -e "IMB_VERSION_STR" $(IMB_HDR) | cut -d'"' -f2)
+IMB_VERSION_NUM = $(shell grep -e "IMB_VERSION_NUM" $(IMB_HDR) | cut -d' ' -f3)
+
+ifeq ($(IMB_VERSION),)
+$(error "IPSec_MB version >= 0.53 is required")
+endif
+
+ifeq ($(shell expr $(IMB_VERSION_NUM) \< 0x3400), 1)
+$(error "IPSec_MB version >= 0.53 is required")
+endif
 # library source files
 SRCS-$(CONFIG_RTE_LIBRTE_PMD_KASUMI) += rte_kasumi_pmd.c
 SRCS-$(CONFIG_RTE_LIBRTE_PMD_KASUMI) += rte_kasumi_pmd_ops.c
diff --git a/drivers/crypto/kasumi/kasumi_pmd_private.h b/drivers/crypto/kasumi/kasumi_pmd_private.h
index 7ac19c5..3b3a695 100644
--- a/drivers/crypto/kasumi/kasumi_pmd_private.h
+++ b/drivers/crypto/kasumi/kasumi_pmd_private.h
@@ -5,7 +5,7 @@
 #ifndef _KASUMI_PMD_PRIVATE_H_
 #define _KASUMI_PMD_PRIVATE_H_
 
-#include <sso_kasumi.h>
+#include <intel-ipsec-mb.h>
 
 #define CRYPTODEV_NAME_KASUMI_PMD	crypto_kasumi
 /**< KASUMI PMD device name */
@@ -24,6 +24,8 @@ int kasumi_logtype_driver;
 struct kasumi_private {
 	unsigned max_nb_queue_pairs;
 	/**< Max number of queue pairs supported by device */
+	MB_MGR *mgr;
+	/**< Multi-buffer instance */
 };
 
 /** KASUMI buffer queue pair */
@@ -45,6 +47,8 @@ struct kasumi_qp {
 	 * by the driver when verifying a digest provided
 	 * by the user (using authentication verify operation)
 	 */
+	MB_MGR *mgr;
+	/**< Multi-buffer instance */
 } __rte_cache_aligned;
 
 enum kasumi_operation {
@@ -58,8 +62,8 @@ enum kasumi_operation {
 /** KASUMI private session structure */
 struct kasumi_session {
 	/* Keys have to be 16-byte aligned */
-	sso_kasumi_key_sched_t pKeySched_cipher;
-	sso_kasumi_key_sched_t pKeySched_hash;
+	kasumi_key_sched_t pKeySched_cipher;
+	kasumi_key_sched_t pKeySched_hash;
 	enum kasumi_operation op;
 	enum rte_crypto_auth_operation auth_op;
 	uint16_t cipher_iv_offset;
@@ -67,7 +71,7 @@ struct kasumi_session {
 
 
 int
-kasumi_set_session_parameters(struct kasumi_session *sess,
+kasumi_set_session_parameters(MB_MGR *mgr, struct kasumi_session *sess,
 		const struct rte_crypto_sym_xform *xform);
 
 
diff --git a/drivers/crypto/kasumi/meson.build b/drivers/crypto/kasumi/meson.build
index 90a3c4f..9639aaf 100644
--- a/drivers/crypto/kasumi/meson.build
+++ b/drivers/crypto/kasumi/meson.build
@@ -1,14 +1,26 @@
 # SPDX-License-Identifier: BSD-3-Clause
-# Copyright(c) 2018 Intel Corporation
+# Copyright(c) 2018-2019 Intel Corporation
 
-lib = cc.find_library('sso_kasumi', required: false)
-if not lib.found() or not cc.has_header('sso_kasumi.h')
+IMB_required_ver = '0.53.0'
+lib = cc.find_library('IPSec_MB', required: false)
+if not lib.found()
 	build = false
-	reason = 'missing dependency, "libsso_kasumi"'
-	subdir_done()
+	reason = 'missing dependency, "libIPSec_MB"'
+else
+	ext_deps += lib
+
+	# version comes with quotes, so we split based on " and take the middle
+	imb_ver = cc.get_define('IMB_VERSION_STR',
+		prefix : '#include<intel-ipsec-mb.h>').split('"')[1]
+
+	if (imb_ver == '') or (imb_ver.version_compare('<' + IMB_required_ver))
+		message('IPSec_MB version >= @0@ is required, found version @1@'.format(
+				IMB_required_ver, imb_ver))
+		build = false
+	endif
+
 endif
 
 allow_experimental_apis = true
-ext_deps += lib
 sources = files('rte_kasumi_pmd.c', 'rte_kasumi_pmd_ops.c')
 deps += ['bus_vdev']
diff --git a/drivers/crypto/kasumi/rte_kasumi_pmd.c b/drivers/crypto/kasumi/rte_kasumi_pmd.c
index d0583ef..baad5b4 100644
--- a/drivers/crypto/kasumi/rte_kasumi_pmd.c
+++ b/drivers/crypto/kasumi/rte_kasumi_pmd.c
@@ -54,7 +54,7 @@ kasumi_get_mode(const struct rte_crypto_sym_xform *xform)
 
 /** Parse crypto xform chain and set private session parameters. */
 int
-kasumi_set_session_parameters(struct kasumi_session *sess,
+kasumi_set_session_parameters(MB_MGR *mgr, struct kasumi_session *sess,
 		const struct rte_crypto_sym_xform *xform)
 {
 	const struct rte_crypto_sym_xform *auth_xform = NULL;
@@ -97,7 +97,7 @@ kasumi_set_session_parameters(struct kasumi_session *sess,
 		}
 
 		/* Initialize key */
-		sso_kasumi_init_f8_key_sched(cipher_xform->cipher.key.data,
+		IMB_KASUMI_INIT_F8_KEY_SCHED(mgr, cipher_xform->cipher.key.data,
 				&sess->pKeySched_cipher);
 	}
 
@@ -116,7 +116,7 @@ kasumi_set_session_parameters(struct kasumi_session *sess,
 		sess->auth_op = auth_xform->auth.op;
 
 		/* Initialize key */
-		sso_kasumi_init_f9_key_sched(auth_xform->auth.key.data,
+		IMB_KASUMI_INIT_F9_KEY_SCHED(mgr, auth_xform->auth.key.data,
 				&sess->pKeySched_hash);
 	}
 
@@ -151,7 +151,7 @@ kasumi_get_session(struct kasumi_qp *qp, struct rte_crypto_op *op)
 
 		sess = (struct kasumi_session *)_sess_private_data;
 
-		if (unlikely(kasumi_set_session_parameters(sess,
+		if (unlikely(kasumi_set_session_parameters(qp->mgr, sess,
 				op->sym->xform) != 0)) {
 			rte_mempool_put(qp->sess_mp, _sess);
 			rte_mempool_put(qp->sess_mp_priv, _sess_private_data);
@@ -170,13 +170,13 @@ kasumi_get_session(struct kasumi_qp *qp, struct rte_crypto_op *op)
 
 /** Encrypt/decrypt mbufs with same cipher key. */
 static uint8_t
-process_kasumi_cipher_op(struct rte_crypto_op **ops,
-		struct kasumi_session *session,
-		uint8_t num_ops)
+process_kasumi_cipher_op(struct kasumi_qp *qp, struct rte_crypto_op **ops,
+		struct kasumi_session *session, uint8_t num_ops)
 {
 	unsigned i;
 	uint8_t processed_ops = 0;
-	uint8_t *src[num_ops], *dst[num_ops];
+	const void *src[num_ops];
+	void *dst[num_ops];
 	uint8_t *iv_ptr;
 	uint64_t iv[num_ops];
 	uint32_t num_bytes[num_ops];
@@ -198,7 +198,7 @@ process_kasumi_cipher_op(struct rte_crypto_op **ops,
 	}
 
 	if (processed_ops != 0)
-		sso_kasumi_f8_n_buffer(&session->pKeySched_cipher, iv,
+		IMB_KASUMI_F8_N_BUFFER(qp->mgr, &session->pKeySched_cipher, iv,
 			src, dst, num_bytes, processed_ops);
 
 	return processed_ops;
@@ -206,7 +206,7 @@ process_kasumi_cipher_op(struct rte_crypto_op **ops,
 
 /** Encrypt/decrypt mbuf (bit level function). */
 static uint8_t
-process_kasumi_cipher_op_bit(struct rte_crypto_op *op,
+process_kasumi_cipher_op_bit(struct kasumi_qp *qp, struct rte_crypto_op *op,
 		struct kasumi_session *session)
 {
 	uint8_t *src, *dst;
@@ -216,18 +216,16 @@ process_kasumi_cipher_op_bit(struct rte_crypto_op *op,
 
 	offset_in_bits = op->sym->cipher.data.offset;
 	src = rte_pktmbuf_mtod(op->sym->m_src, uint8_t *);
-	if (op->sym->m_dst == NULL) {
-		op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
-		KASUMI_LOG(ERR, "bit-level in-place not supported");
-		return 0;
-	}
-	dst = rte_pktmbuf_mtod(op->sym->m_dst, uint8_t *);
+	if (op->sym->m_dst == NULL)
+		dst = src;
+	else
+		dst = rte_pktmbuf_mtod(op->sym->m_dst, uint8_t *);
 	iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
 			session->cipher_iv_offset);
 	iv = *((uint64_t *)(iv_ptr));
 	length_in_bits = op->sym->cipher.data.length;
 
-	sso_kasumi_f8_1_buffer_bit(&session->pKeySched_cipher, iv,
+	IMB_KASUMI_F8_1_BUFFER_BIT(qp->mgr, &session->pKeySched_cipher, iv,
 			src, dst, length_in_bits, offset_in_bits);
 
 	return 1;
@@ -262,7 +260,8 @@ process_kasumi_hash_op(struct kasumi_qp *qp, struct rte_crypto_op **ops,
 
 		if (session->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) {
 			dst = qp->temp_digest;
-			sso_kasumi_f9_1_buffer(&session->pKeySched_hash, src,
+			IMB_KASUMI_F9_1_BUFFER(qp->mgr,
+					&session->pKeySched_hash, src,
 					num_bytes, dst);
 
 			/* Verify digest. */
@@ -272,7 +271,8 @@ process_kasumi_hash_op(struct kasumi_qp *qp, struct rte_crypto_op **ops,
 		} else  {
 			dst = ops[i]->sym->auth.digest.data;
 
-			sso_kasumi_f9_1_buffer(&session->pKeySched_hash, src,
+			IMB_KASUMI_F9_1_BUFFER(qp->mgr,
+					&session->pKeySched_hash, src,
 					num_bytes, dst);
 		}
 		processed_ops++;
@@ -292,7 +292,7 @@ process_ops(struct rte_crypto_op **ops, struct kasumi_session *session,
 
 	switch (session->op) {
 	case KASUMI_OP_ONLY_CIPHER:
-		processed_ops = process_kasumi_cipher_op(ops,
+		processed_ops = process_kasumi_cipher_op(qp, ops,
 				session, num_ops);
 		break;
 	case KASUMI_OP_ONLY_AUTH:
@@ -300,14 +300,14 @@ process_ops(struct rte_crypto_op **ops, struct kasumi_session *session,
 				num_ops);
 		break;
 	case KASUMI_OP_CIPHER_AUTH:
-		processed_ops = process_kasumi_cipher_op(ops, session,
+		processed_ops = process_kasumi_cipher_op(qp, ops, session,
 				num_ops);
 		process_kasumi_hash_op(qp, ops, session, processed_ops);
 		break;
 	case KASUMI_OP_AUTH_CIPHER:
 		processed_ops = process_kasumi_hash_op(qp, ops, session,
 				num_ops);
-		process_kasumi_cipher_op(ops, session, processed_ops);
+		process_kasumi_cipher_op(qp, ops, session, processed_ops);
 		break;
 	default:
 		/* Operation not supported. */
@@ -350,21 +350,21 @@ process_op_bit(struct rte_crypto_op *op, struct kasumi_session *session,
 
 	switch (session->op) {
 	case KASUMI_OP_ONLY_CIPHER:
-		processed_op = process_kasumi_cipher_op_bit(op,
+		processed_op = process_kasumi_cipher_op_bit(qp, op,
 				session);
 		break;
 	case KASUMI_OP_ONLY_AUTH:
 		processed_op = process_kasumi_hash_op(qp, &op, session, 1);
 		break;
 	case KASUMI_OP_CIPHER_AUTH:
-		processed_op = process_kasumi_cipher_op_bit(op, session);
+		processed_op = process_kasumi_cipher_op_bit(qp, op, session);
 		if (processed_op == 1)
 			process_kasumi_hash_op(qp, &op, session, 1);
 		break;
 	case KASUMI_OP_AUTH_CIPHER:
 		processed_op = process_kasumi_hash_op(qp, &op, session, 1);
 		if (processed_op == 1)
-			process_kasumi_cipher_op_bit(op, session);
+			process_kasumi_cipher_op_bit(qp, op, session);
 		break;
 	default:
 		/* Operation not supported. */
@@ -533,7 +533,7 @@ cryptodev_kasumi_create(const char *name,
 {
 	struct rte_cryptodev *dev;
 	struct kasumi_private *internals;
-	uint64_t cpu_flags = 0;
+	MB_MGR *mgr;
 
 	dev = rte_cryptodev_pmd_create(name, &vdev->device, init_params);
 	if (dev == NULL) {
@@ -541,12 +541,6 @@ cryptodev_kasumi_create(const char *name,
 		goto init_error;
 	}
 
-	/* Check CPU for supported vector instruction set */
-	if (rte_cpu_get_flag_enabled(RTE_CPUFLAG_AVX))
-		cpu_flags |= RTE_CRYPTODEV_FF_CPU_AVX;
-	else
-		cpu_flags |= RTE_CRYPTODEV_FF_CPU_SSE;
-
 	dev->driver_id = cryptodev_driver_id;
 	dev->dev_ops = rte_kasumi_pmd_ops;
 
@@ -555,12 +549,24 @@ cryptodev_kasumi_create(const char *name,
 	dev->enqueue_burst = kasumi_pmd_enqueue_burst;
 
 	dev->feature_flags = RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO |
-			RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING |
-			cpu_flags;
+			RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING;
+
+	mgr = alloc_mb_mgr(0);
+	if (mgr == NULL)
+		return -ENOMEM;
+
+	if (rte_cpu_get_flag_enabled(RTE_CPUFLAG_AVX)) {
+		dev->feature_flags |= RTE_CRYPTODEV_FF_CPU_AVX;
+		init_mb_mgr_avx(mgr);
+	} else {
+		dev->feature_flags |= RTE_CRYPTODEV_FF_CPU_SSE;
+		init_mb_mgr_sse(mgr);
+	}
 
 	internals = dev->data->dev_private;
 
 	internals->max_nb_queue_pairs = init_params->max_nb_queue_pairs;
+	internals->mgr = mgr;
 
 	return 0;
 init_error:
@@ -598,6 +604,7 @@ cryptodev_kasumi_remove(struct rte_vdev_device *vdev)
 {
 	struct rte_cryptodev *cryptodev;
 	const char *name;
+	struct kasumi_private *internals;
 
 	name = rte_vdev_device_name(vdev);
 	if (name == NULL)
@@ -607,6 +614,10 @@ cryptodev_kasumi_remove(struct rte_vdev_device *vdev)
 	if (cryptodev == NULL)
 		return -ENODEV;
 
+	internals = cryptodev->data->dev_private;
+
+	free_mb_mgr(internals->mgr);
+
 	return rte_cryptodev_pmd_destroy(cryptodev);
 }
 
diff --git a/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c b/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c
index 5ce4953..55fbe00 100644
--- a/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c
+++ b/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c
@@ -195,6 +195,7 @@ kasumi_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 		int socket_id)
 {
 	struct kasumi_qp *qp = NULL;
+	struct kasumi_private *internals = dev->data->dev_private;
 
 	/* Free memory prior to re-allocation if needed. */
 	if (dev->data->queue_pairs[qp_id] != NULL)
@@ -217,6 +218,7 @@ kasumi_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 	if (qp->processed_ops == NULL)
 		goto qp_setup_cleanup;
 
+	qp->mgr = internals->mgr;
 	qp->sess_mp = qp_conf->mp_session;
 	qp->sess_mp_priv = qp_conf->mp_session_private;
 
@@ -246,13 +248,14 @@ kasumi_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 
 /** Configure a KASUMI session from a crypto xform chain */
 static int
-kasumi_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
+kasumi_pmd_sym_session_configure(struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
 		struct rte_cryptodev_sym_session *sess,
 		struct rte_mempool *mempool)
 {
 	void *sess_private_data;
 	int ret;
+	struct kasumi_private *internals = dev->data->dev_private;
 
 	if (unlikely(sess == NULL)) {
 		KASUMI_LOG(ERR, "invalid session struct");
@@ -265,7 +268,8 @@ kasumi_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 		return -ENOMEM;
 	}
 
-	ret = kasumi_set_session_parameters(sess_private_data, xform);
+	ret = kasumi_set_session_parameters(internals->mgr,
+					sess_private_data, xform);
 	if (ret != 0) {
 		KASUMI_LOG(ERR, "failed configure session parameters");
 
diff --git a/mk/rte.app.mk b/mk/rte.app.mk
index 62724cc..a8163f1 100644
--- a/mk/rte.app.mk
+++ b/mk/rte.app.mk
@@ -270,7 +270,7 @@ endif # CONFIG_RTE_LIBRTE_PMD_QAT
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_SNOW3G)      += -lrte_pmd_snow3g
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_SNOW3G)      += -L$(LIBSSO_SNOW3G_PATH)/build -lsso_snow3g
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_KASUMI)      += -lrte_pmd_kasumi
-_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_KASUMI)      += -L$(LIBSSO_KASUMI_PATH)/build -lsso_kasumi
+_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_KASUMI)      += -lIPSec_MB
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ZUC)         += -lrte_pmd_zuc
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ZUC)         += -lIPSec_MB
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ARMV8_CRYPTO)    += -lrte_pmd_armv8
-- 
2.7.5


^ permalink raw reply	[flat|nested] 21+ messages in thread

* [dpdk-dev] [PATCH 3/3] crypto/snow3g: use IPSec library
  2019-12-11 14:20 [dpdk-dev] [PATCH 0/3] Use Intel IPSec MB library in Wireless PMDs Pablo de Lara
  2019-12-11 14:20 ` [dpdk-dev] [PATCH 1/3] crypto/zuc: use IPSec library Pablo de Lara
  2019-12-11 14:20 ` [dpdk-dev] [PATCH 2/3] crypto/kasumi: " Pablo de Lara
@ 2019-12-11 14:20 ` Pablo de Lara
  2020-01-13 11:40 ` [dpdk-dev] [PATCH v2 0/3] Use Intel IPSec MB library in Wireless PMDs Pablo de Lara
  3 siblings, 0 replies; 21+ messages in thread
From: Pablo de Lara @ 2019-12-11 14:20 UTC (permalink / raw)
  To: akhil.goyal, declan.doherty; +Cc: dev, Pablo de Lara

Link against Intel IPSec Multi-buffer library, which
added support for SNOW3G-UEA2 and SNOW3G-UIA2 from version v0.53,
moving from libSSO SNOW3G library.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 devtools/test-build.sh                     |  4 +-
 doc/guides/cryptodevs/snow3g.rst           | 58 +++++++++++---------
 doc/guides/rel_notes/release_20_02.rst     |  5 ++
 drivers/crypto/snow3g/Makefile             | 29 ++++++----
 drivers/crypto/snow3g/meson.build          | 21 ++++++--
 drivers/crypto/snow3g/rte_snow3g_pmd.c     | 85 ++++++++++++++++++------------
 drivers/crypto/snow3g/rte_snow3g_pmd_ops.c |  8 ++-
 drivers/crypto/snow3g/snow3g_pmd_private.h | 14 +++--
 mk/rte.app.mk                              |  2 +-
 9 files changed, 141 insertions(+), 85 deletions(-)

diff --git a/devtools/test-build.sh b/devtools/test-build.sh
index 56c744f..7bdd35e 100755
--- a/devtools/test-build.sh
+++ b/devtools/test-build.sh
@@ -27,7 +27,6 @@ default_path=$PATH
 # - DPDK_NOTIFY (notify-send)
 # - FLEXRAN_SDK
 # - LIBMUSDK_PATH
-# - LIBSSO_SNOW3G_PATH
 . $(dirname $(readlink -f $0))/load-devel-config
 
 print_usage () {
@@ -119,7 +118,6 @@ reset_env ()
 	unset ARMV8_CRYPTO_LIB_PATH
 	unset FLEXRAN_SDK
 	unset LIBMUSDK_PATH
-	unset LIBSSO_SNOW3G_PATH
 	unset PQOS_INSTALL_PATH
 }
 
@@ -183,7 +181,7 @@ config () # <directory> <target> <options>
 		sed -ri=""            's,(PMD_ZUC=)n,\1y,' $1/.config
 		test "$DPDK_DEP_IPSEC_MB" != y || \
 		sed -ri=""         's,(PMD_KASUMI=)n,\1y,' $1/.config
-		test -z "$LIBSSO_SNOW3G_PATH" || \
+		test "$DPDK_DEP_IPSEC_MB" != y || \
 		sed -ri=""         's,(PMD_SNOW3G=)n,\1y,' $1/.config
 		test "$DPDK_DEP_SSL" != y || \
 		sed -ri=""            's,(PMD_CCP=)n,\1y,' $1/.config
diff --git a/doc/guides/cryptodevs/snow3g.rst b/doc/guides/cryptodevs/snow3g.rst
index 7cba712..d45bcad 100644
--- a/doc/guides/cryptodevs/snow3g.rst
+++ b/doc/guides/cryptodevs/snow3g.rst
@@ -1,12 +1,12 @@
 ..  SPDX-License-Identifier: BSD-3-Clause
-    Copyright(c) 2016 Intel Corporation.
+    Copyright(c) 2016-2019 Intel Corporation.
 
 SNOW 3G Crypto Poll Mode Driver
 ===============================
 
-The SNOW 3G PMD (**librte_pmd_snow3g**) provides poll mode crypto driver
-support for utilizing Intel Libsso library, which implements F8 and F9 functions
-for SNOW 3G UEA2 cipher and UIA2 hash algorithms.
+The SNOW3G PMD (**librte_snow3g_zuc**) provides poll mode crypto driver support for
+utilizing `Intel IPSec Multi-buffer library <https://github.com/01org/intel-ipsec-mb>`_
+which implements F8 and F8 functions for SNOW 3G UEA2 cipher and UIA2 hash algorithms.
 
 Features
 --------
@@ -32,26 +32,33 @@ Limitations
 Installation
 ------------
 
-To build DPDK with the SNOW3G_PMD the user is required to download
-the export controlled ``libsso_snow3g`` library, by registering in
-`Intel Resource & Design Center <https://www.intel.com/content/www/us/en/design/resource-design-center.html>`_.
-Once approval has been granted, the user needs to search for
-*Snow3G F8 F9 3GPP cryptographic algorithms Software Library* to download the
-library or directly through this `link <https://cdrdv2.intel.com/v1/dl/getContent/575867>`_.
+To build DPDK with the SNOW3G_PMD the user is required to download the multi-buffer
+library from `here <https://github.com/01org/intel-ipsec-mb>`_
+and compile it on their user system before building DPDK.
+The latest version of the library supported by this PMD is v0.53, which
+can be downloaded from `<https://github.com/01org/intel-ipsec-mb/archive/v0.53.zip>`_.
+
 After downloading the library, the user needs to unpack and compile it
-on their system before building DPDK::
+on their system before building DPDK:
+
+.. code-block:: console
+
+    make
+    make install
 
-   make snow3G
+As a reference, the following table shows a mapping between the past DPDK versions
+and the external crypto libraries supported by them:
 
-**Note**: When encrypting with SNOW3G UEA2, by default the library
-encrypts blocks of 4 bytes, regardless the number of bytes to
-be encrypted provided (which leads to a possible buffer overflow).
-To avoid this situation, it is necessary not to pass
-3GPP_SAFE_BUFFERS as a compilation flag.
-For this, in the Makefile of the library, make sure that this flag
-is commented out.::
+.. _table_zuc_versions:
 
-  #EXTRA_CFLAGS  += -D_3GPP_SAFE_BUFFERS
+.. table:: DPDK and external crypto library version compatibility
+
+   =============  ================================
+   DPDK version   Crypto library version
+   =============  ================================
+   16.04 - 19.11  LibSSO SNOW3G
+   20.02+         Multi-buffer library 0.53
+   =============  ================================
 
 
 Initialization
@@ -59,12 +66,15 @@ Initialization
 
 In order to enable this virtual crypto PMD, user must:
 
-* Export the environmental variable LIBSSO_SNOW3G_PATH with the path where
-  the library was extracted (snow3g folder).
+* Build the multi buffer library (explained in Installation section).
+
+* Build DPDK as follows:
 
-* Build the LIBSSO_SNOW3G library (explained in Installation section).
+.. code-block:: console
 
-* Set CONFIG_RTE_LIBRTE_PMD_SNOW3G=y in config/common_base.
+	make config T=x86_64-native-linux-gcc
+	sed -i 's,\(CONFIG_RTE_LIBRTE_PMD_SNOW3G\)=n,\1=y,' build/.config
+	make
 
 To use the PMD in an application, user must:
 
diff --git a/doc/guides/rel_notes/release_20_02.rst b/doc/guides/rel_notes/release_20_02.rst
index a3f6154..2532b21 100644
--- a/doc/guides/rel_notes/release_20_02.rst
+++ b/doc/guides/rel_notes/release_20_02.rst
@@ -68,6 +68,11 @@ New Features
   * Transistioned underlying library from libSSO KASUMI to intel-ipsec-mb
     library (minimum version required 0.53).
 
+* **Updated the SNOW3G PMD.**
+
+  * Transistioned underlying library from libSSO SNOW3G to intel-ipsec-mb
+    library (minimum version required 0.53).
+
 
 Removed Items
 -------------
diff --git a/drivers/crypto/snow3g/Makefile b/drivers/crypto/snow3g/Makefile
index 4086c57..438119c 100644
--- a/drivers/crypto/snow3g/Makefile
+++ b/drivers/crypto/snow3g/Makefile
@@ -1,14 +1,8 @@
 # SPDX-License-Identifier: BSD-3-Clause
-# Copyright(c) 2016 Intel Corporation
+# Copyright(c) 2016-2019 Intel Corporation
 
 include $(RTE_SDK)/mk/rte.vars.mk
 
-ifneq ($(MAKECMDGOALS),clean)
-ifeq ($(LIBSSO_SNOW3G_PATH),)
-$(error "Please define LIBSSO_SNOW3G_PATH environment variable")
-endif
-endif
-
 # library name
 LIB = librte_pmd_snow3g.a
 
@@ -21,14 +15,27 @@ CFLAGS += -DALLOW_EXPERIMENTAL_API
 EXPORT_MAP := rte_pmd_snow3g_version.map
 
 # external library dependencies
-CFLAGS += -I$(LIBSSO_SNOW3G_PATH)
-CFLAGS += -I$(LIBSSO_SNOW3G_PATH)/include
-CFLAGS += -I$(LIBSSO_SNOW3G_PATH)/build
-LDLIBS += -L$(LIBSSO_SNOW3G_PATH)/build -lsso_snow3g
+LDLIBS += -lIPSec_MB
 LDLIBS += -lrte_eal -lrte_mbuf -lrte_mempool -lrte_ring
 LDLIBS += -lrte_cryptodev
 LDLIBS += -lrte_bus_vdev
 
+IMB_HDR = $(shell echo '\#include <intel-ipsec-mb.h>' | \
+	$(CC) -E $(EXTRA_CFLAGS) - | grep 'intel-ipsec-mb.h' | \
+	head -n1 | cut -d'"' -f2)
+
+# Detect library version
+IMB_VERSION = $(shell grep -e "IMB_VERSION_STR" $(IMB_HDR) | cut -d'"' -f2)
+IMB_VERSION_NUM = $(shell grep -e "IMB_VERSION_NUM" $(IMB_HDR) | cut -d' ' -f3)
+
+ifeq ($(IMB_VERSION),)
+$(error "IPSec_MB version >= 0.53 is required")
+endif
+
+ifeq ($(shell expr $(IMB_VERSION_NUM) \< 0x3400), 1)
+$(error "IPSec_MB version >= 0.53 is required")
+endif
+
 # library source files
 SRCS-$(CONFIG_RTE_LIBRTE_PMD_SNOW3G) += rte_snow3g_pmd.c
 SRCS-$(CONFIG_RTE_LIBRTE_PMD_SNOW3G) += rte_snow3g_pmd_ops.c
diff --git a/drivers/crypto/snow3g/meson.build b/drivers/crypto/snow3g/meson.build
index 0e8742a..e9497bd 100644
--- a/drivers/crypto/snow3g/meson.build
+++ b/drivers/crypto/snow3g/meson.build
@@ -1,11 +1,24 @@
 # SPDX-License-Identifier: BSD-3-Clause
 # Copyright(c) 2019 Intel Corporation
 
-lib = cc.find_library('sso_snow3g', required: false)
-if not lib.found() or not cc.has_header('sso_snow3g.h')
+IMB_required_ver = '0.53.0'
+lib = cc.find_library('IPSec_MB', required: false)
+if not lib.found()
 	build = false
-	reason = 'missing dependency, "libsso_snow3g"'
-	subdir_done()
+	reason = 'missing dependency, "libIPSec_MB"'
+else
+	ext_deps += lib
+
+	# version comes with quotes, so we split based on " and take the middle
+	imb_ver = cc.get_define('IMB_VERSION_STR',
+		prefix : '#include<intel-ipsec-mb.h>').split('"')[1]
+
+	if (imb_ver == '') or (imb_ver.version_compare('<' + IMB_required_ver))
+		message('IPSec_MB version >= @0@ is required, found version @1@'.format(
+				IMB_required_ver, imb_ver))
+		build = false
+	endif
+
 endif
 
 allow_experimental_apis = true
diff --git a/drivers/crypto/snow3g/rte_snow3g_pmd.c b/drivers/crypto/snow3g/rte_snow3g_pmd.c
index 9d07e1a..d72112b 100644
--- a/drivers/crypto/snow3g/rte_snow3g_pmd.c
+++ b/drivers/crypto/snow3g/rte_snow3g_pmd.c
@@ -53,7 +53,7 @@ snow3g_get_mode(const struct rte_crypto_sym_xform *xform)
 
 /** Parse crypto xform chain and set private session parameters. */
 int
-snow3g_set_session_parameters(struct snow3g_session *sess,
+snow3g_set_session_parameters(MB_MGR *mgr, struct snow3g_session *sess,
 		const struct rte_crypto_sym_xform *xform)
 {
 	const struct rte_crypto_sym_xform *auth_xform = NULL;
@@ -84,8 +84,6 @@ snow3g_set_session_parameters(struct snow3g_session *sess,
 	}
 
 	if (cipher_xform) {
-		uint8_t cipher_key[SNOW3G_MAX_KEY_SIZE];
-
 		/* Only SNOW 3G UEA2 supported */
 		if (cipher_xform->cipher.algo != RTE_CRYPTO_CIPHER_SNOW3G_UEA2)
 			return -ENOTSUP;
@@ -102,14 +100,11 @@ snow3g_set_session_parameters(struct snow3g_session *sess,
 		sess->cipher_iv_offset = cipher_xform->cipher.iv.offset;
 
 		/* Initialize key */
-		memcpy(cipher_key, cipher_xform->cipher.key.data,
-				cipher_xform->cipher.key.length);
-		sso_snow3g_init_key_sched(cipher_key, &sess->pKeySched_cipher);
+		IMB_SNOW3G_INIT_KEY_SCHED(mgr, cipher_xform->cipher.key.data,
+					&sess->pKeySched_cipher);
 	}
 
 	if (auth_xform) {
-		uint8_t auth_key[SNOW3G_MAX_KEY_SIZE];
-
 		/* Only SNOW 3G UIA2 supported */
 		if (auth_xform->auth.algo != RTE_CRYPTO_AUTH_SNOW3G_UIA2)
 			return -ENOTSUP;
@@ -132,12 +127,10 @@ snow3g_set_session_parameters(struct snow3g_session *sess,
 		sess->auth_iv_offset = auth_xform->auth.iv.offset;
 
 		/* Initialize key */
-		memcpy(auth_key, auth_xform->auth.key.data,
-				auth_xform->auth.key.length);
-		sso_snow3g_init_key_sched(auth_key, &sess->pKeySched_hash);
+		IMB_SNOW3G_INIT_KEY_SCHED(mgr, auth_xform->auth.key.data,
+					&sess->pKeySched_hash);
 	}
 
-
 	sess->op = mode;
 
 	return 0;
@@ -168,7 +161,7 @@ snow3g_get_session(struct snow3g_qp *qp, struct rte_crypto_op *op)
 
 		sess = (struct snow3g_session *)_sess_private_data;
 
-		if (unlikely(snow3g_set_session_parameters(sess,
+		if (unlikely(snow3g_set_session_parameters(qp->mgr, sess,
 				op->sym->xform) != 0)) {
 			rte_mempool_put(qp->sess_mp, _sess);
 			rte_mempool_put(qp->sess_mp_priv, _sess_private_data);
@@ -188,14 +181,15 @@ snow3g_get_session(struct snow3g_qp *qp, struct rte_crypto_op *op)
 
 /** Encrypt/decrypt mbufs with same cipher key. */
 static uint8_t
-process_snow3g_cipher_op(struct rte_crypto_op **ops,
+process_snow3g_cipher_op(struct snow3g_qp *qp, struct rte_crypto_op **ops,
 		struct snow3g_session *session,
 		uint8_t num_ops)
 {
 	unsigned i;
 	uint8_t processed_ops = 0;
-	uint8_t *src[SNOW3G_MAX_BURST], *dst[SNOW3G_MAX_BURST];
-	uint8_t *iv[SNOW3G_MAX_BURST];
+	const void *src[SNOW3G_MAX_BURST];
+	void *dst[SNOW3G_MAX_BURST];
+	const void *iv[SNOW3G_MAX_BURST];
 	uint32_t num_bytes[SNOW3G_MAX_BURST];
 
 	for (i = 0; i < num_ops; i++) {
@@ -213,15 +207,16 @@ process_snow3g_cipher_op(struct rte_crypto_op **ops,
 		processed_ops++;
 	}
 
-	sso_snow3g_f8_n_buffer(&session->pKeySched_cipher, iv, src, dst,
-			num_bytes, processed_ops);
+	IMB_SNOW3G_F8_N_BUFFER(qp->mgr, &session->pKeySched_cipher, iv,
+			src, dst, num_bytes, processed_ops);
 
 	return processed_ops;
 }
 
 /** Encrypt/decrypt mbuf (bit level function). */
 static uint8_t
-process_snow3g_cipher_op_bit(struct rte_crypto_op *op,
+process_snow3g_cipher_op_bit(struct snow3g_qp *qp,
+		struct rte_crypto_op *op,
 		struct snow3g_session *session)
 {
 	uint8_t *src, *dst;
@@ -240,7 +235,7 @@ process_snow3g_cipher_op_bit(struct rte_crypto_op *op,
 				session->cipher_iv_offset);
 	length_in_bits = op->sym->cipher.data.length;
 
-	sso_snow3g_f8_1_buffer_bit(&session->pKeySched_cipher, iv,
+	IMB_SNOW3G_F8_1_BUFFER_BIT(qp->mgr, &session->pKeySched_cipher, iv,
 			src, dst, length_in_bits, offset_in_bits);
 
 	return 1;
@@ -276,9 +271,9 @@ process_snow3g_hash_op(struct snow3g_qp *qp, struct rte_crypto_op **ops,
 		if (session->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) {
 			dst = qp->temp_digest;
 
-			sso_snow3g_f9_1_buffer(&session->pKeySched_hash,
-					iv, src,
-					length_in_bits,	dst);
+			IMB_SNOW3G_F9_1_BUFFER(qp->mgr,
+					&session->pKeySched_hash,
+					iv, src, length_in_bits, dst);
 			/* Verify digest. */
 			if (memcmp(dst, ops[i]->sym->auth.digest.data,
 					SNOW3G_DIGEST_LENGTH) != 0)
@@ -286,9 +281,9 @@ process_snow3g_hash_op(struct snow3g_qp *qp, struct rte_crypto_op **ops,
 		} else  {
 			dst = ops[i]->sym->auth.digest.data;
 
-			sso_snow3g_f9_1_buffer(&session->pKeySched_hash,
-					iv, src,
-					length_in_bits, dst);
+			IMB_SNOW3G_F9_1_BUFFER(qp->mgr,
+					&session->pKeySched_hash,
+					iv, src, length_in_bits, dst);
 		}
 		processed_ops++;
 	}
@@ -322,7 +317,7 @@ process_ops(struct rte_crypto_op **ops, struct snow3g_session *session,
 
 	switch (session->op) {
 	case SNOW3G_OP_ONLY_CIPHER:
-		processed_ops = process_snow3g_cipher_op(ops,
+		processed_ops = process_snow3g_cipher_op(qp, ops,
 				session, num_ops);
 		break;
 	case SNOW3G_OP_ONLY_AUTH:
@@ -330,14 +325,14 @@ process_ops(struct rte_crypto_op **ops, struct snow3g_session *session,
 				num_ops);
 		break;
 	case SNOW3G_OP_CIPHER_AUTH:
-		processed_ops = process_snow3g_cipher_op(ops, session,
+		processed_ops = process_snow3g_cipher_op(qp, ops, session,
 				num_ops);
 		process_snow3g_hash_op(qp, ops, session, processed_ops);
 		break;
 	case SNOW3G_OP_AUTH_CIPHER:
 		processed_ops = process_snow3g_hash_op(qp, ops, session,
 				num_ops);
-		process_snow3g_cipher_op(ops, session, processed_ops);
+		process_snow3g_cipher_op(qp, ops, session, processed_ops);
 		break;
 	default:
 		/* Operation not supported. */
@@ -380,21 +375,21 @@ process_op_bit(struct rte_crypto_op *op, struct snow3g_session *session,
 
 	switch (session->op) {
 	case SNOW3G_OP_ONLY_CIPHER:
-		processed_op = process_snow3g_cipher_op_bit(op,
+		processed_op = process_snow3g_cipher_op_bit(qp, op,
 				session);
 		break;
 	case SNOW3G_OP_ONLY_AUTH:
 		processed_op = process_snow3g_hash_op(qp, &op, session, 1);
 		break;
 	case SNOW3G_OP_CIPHER_AUTH:
-		processed_op = process_snow3g_cipher_op_bit(op, session);
+		processed_op = process_snow3g_cipher_op_bit(qp, op, session);
 		if (processed_op == 1)
 			process_snow3g_hash_op(qp, &op, session, 1);
 		break;
 	case SNOW3G_OP_AUTH_CIPHER:
 		processed_op = process_snow3g_hash_op(qp, &op, session, 1);
 		if (processed_op == 1)
-			process_snow3g_cipher_op_bit(op, session);
+			process_snow3g_cipher_op_bit(qp, op, session);
 		break;
 	default:
 		/* Operation not supported. */
@@ -550,7 +545,7 @@ cryptodev_snow3g_create(const char *name,
 {
 	struct rte_cryptodev *dev;
 	struct snow3g_private *internals;
-	uint64_t cpu_flags = RTE_CRYPTODEV_FF_CPU_SSE;
+	MB_MGR *mgr;
 
 	dev = rte_cryptodev_pmd_create(name, &vdev->device, init_params);
 	if (dev == NULL) {
@@ -566,10 +561,25 @@ cryptodev_snow3g_create(const char *name,
 	dev->enqueue_burst = snow3g_pmd_enqueue_burst;
 
 	dev->feature_flags = RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO |
-			RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING |
-			cpu_flags;
+			RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING;
+
+	mgr = alloc_mb_mgr(0);
+	if (mgr == NULL)
+		return -ENOMEM;
+
+	if (rte_cpu_get_flag_enabled(RTE_CPUFLAG_AVX2)) {
+		dev->feature_flags |= RTE_CRYPTODEV_FF_CPU_AVX2;
+		init_mb_mgr_avx2(mgr);
+	} else if (rte_cpu_get_flag_enabled(RTE_CPUFLAG_AVX)) {
+		dev->feature_flags |= RTE_CRYPTODEV_FF_CPU_AVX;
+		init_mb_mgr_avx(mgr);
+	} else {
+		dev->feature_flags |= RTE_CRYPTODEV_FF_CPU_SSE;
+		init_mb_mgr_sse(mgr);
+	}
 
 	internals = dev->data->dev_private;
+	internals->mgr = mgr;
 
 	internals->max_nb_queue_pairs = init_params->max_nb_queue_pairs;
 
@@ -609,6 +619,7 @@ cryptodev_snow3g_remove(struct rte_vdev_device *vdev)
 {
 	struct rte_cryptodev *cryptodev;
 	const char *name;
+	struct snow3g_private *internals;
 
 	name = rte_vdev_device_name(vdev);
 	if (name == NULL)
@@ -618,6 +629,10 @@ cryptodev_snow3g_remove(struct rte_vdev_device *vdev)
 	if (cryptodev == NULL)
 		return -ENODEV;
 
+	internals = cryptodev->data->dev_private;
+
+	free_mb_mgr(internals->mgr);
+
 	return rte_cryptodev_pmd_destroy(cryptodev);
 }
 
diff --git a/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c b/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c
index 8778f28..ea76637 100644
--- a/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c
+++ b/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c
@@ -201,6 +201,7 @@ snow3g_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 		int socket_id)
 {
 	struct snow3g_qp *qp = NULL;
+	struct snow3g_private *internals = dev->data->dev_private;
 
 	/* Free memory prior to re-allocation if needed. */
 	if (dev->data->queue_pairs[qp_id] != NULL)
@@ -223,6 +224,7 @@ snow3g_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 	if (qp->processed_ops == NULL)
 		goto qp_setup_cleanup;
 
+	qp->mgr = internals->mgr;
 	qp->sess_mp = qp_conf->mp_session;
 	qp->sess_mp_priv = qp_conf->mp_session_private;
 
@@ -253,13 +255,14 @@ snow3g_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 
 /** Configure a SNOW 3G session from a crypto xform chain */
 static int
-snow3g_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
+snow3g_pmd_sym_session_configure(struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
 		struct rte_cryptodev_sym_session *sess,
 		struct rte_mempool *mempool)
 {
 	void *sess_private_data;
 	int ret;
+	struct snow3g_private *internals = dev->data->dev_private;
 
 	if (unlikely(sess == NULL)) {
 		SNOW3G_LOG(ERR, "invalid session struct");
@@ -272,7 +275,8 @@ snow3g_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 		return -ENOMEM;
 	}
 
-	ret = snow3g_set_session_parameters(sess_private_data, xform);
+	ret = snow3g_set_session_parameters(internals->mgr,
+					sess_private_data, xform);
 	if (ret != 0) {
 		SNOW3G_LOG(ERR, "failed configure session parameters");
 
diff --git a/drivers/crypto/snow3g/snow3g_pmd_private.h b/drivers/crypto/snow3g/snow3g_pmd_private.h
index 1fe05eb..2074f3d 100644
--- a/drivers/crypto/snow3g/snow3g_pmd_private.h
+++ b/drivers/crypto/snow3g/snow3g_pmd_private.h
@@ -1,11 +1,11 @@
 /* SPDX-License-Identifier: BSD-3-Clause
- * Copyright(c) 2016-2018 Intel Corporation
+ * Copyright(c) 2016-2019 Intel Corporation
  */
 
 #ifndef _SNOW3G_PMD_PRIVATE_H_
 #define _SNOW3G_PMD_PRIVATE_H_
 
-#include <sso_snow3g.h>
+#include <intel-ipsec-mb.h>
 
 #define CRYPTODEV_NAME_SNOW3G_PMD	crypto_snow3g
 /**< SNOW 3G PMD device name */
@@ -25,6 +25,8 @@ int snow3g_logtype_driver;
 struct snow3g_private {
 	unsigned max_nb_queue_pairs;
 	/**< Max number of queue pairs supported by device */
+	MB_MGR *mgr;
+	/**< Multi-buffer instance */
 };
 
 /** SNOW 3G buffer queue pair */
@@ -46,6 +48,8 @@ struct snow3g_qp {
 	 * by the driver when verifying a digest provided
 	 * by the user (using authentication verify operation)
 	 */
+	MB_MGR *mgr;
+	/**< Multi-buffer instance */
 } __rte_cache_aligned;
 
 enum snow3g_operation {
@@ -60,15 +64,15 @@ enum snow3g_operation {
 struct snow3g_session {
 	enum snow3g_operation op;
 	enum rte_crypto_auth_operation auth_op;
-	sso_snow3g_key_schedule_t pKeySched_cipher;
-	sso_snow3g_key_schedule_t pKeySched_hash;
+	snow3g_key_schedule_t pKeySched_cipher;
+	snow3g_key_schedule_t pKeySched_hash;
 	uint16_t cipher_iv_offset;
 	uint16_t auth_iv_offset;
 } __rte_cache_aligned;
 
 
 extern int
-snow3g_set_session_parameters(struct snow3g_session *sess,
+snow3g_set_session_parameters(MB_MGR *mgr, struct snow3g_session *sess,
 		const struct rte_crypto_sym_xform *xform);
 
 
diff --git a/mk/rte.app.mk b/mk/rte.app.mk
index a8163f1..8bf6b3d 100644
--- a/mk/rte.app.mk
+++ b/mk/rte.app.mk
@@ -268,7 +268,7 @@ _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_QAT_SYM)     += -lrte_pmd_qat -lcrypto
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_QAT_ASYM)    += -lrte_pmd_qat -lcrypto
 endif # CONFIG_RTE_LIBRTE_PMD_QAT
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_SNOW3G)      += -lrte_pmd_snow3g
-_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_SNOW3G)      += -L$(LIBSSO_SNOW3G_PATH)/build -lsso_snow3g
+_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_SNOW3G)      += -lIPSec_MB
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_KASUMI)      += -lrte_pmd_kasumi
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_KASUMI)      += -lIPSec_MB
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ZUC)         += -lrte_pmd_zuc
-- 
2.7.5


^ permalink raw reply	[flat|nested] 21+ messages in thread

* [dpdk-dev] [PATCH v2 0/3] Use Intel IPSec MB library in Wireless PMDs
  2019-12-11 14:20 [dpdk-dev] [PATCH 0/3] Use Intel IPSec MB library in Wireless PMDs Pablo de Lara
                   ` (2 preceding siblings ...)
  2019-12-11 14:20 ` [dpdk-dev] [PATCH 3/3] crypto/snow3g: " Pablo de Lara
@ 2020-01-13 11:40 ` Pablo de Lara
  2020-01-13 11:40   ` [dpdk-dev] [PATCH v2 1/3] crypto/zuc: use IPSec library Pablo de Lara
                     ` (4 more replies)
  3 siblings, 5 replies; 21+ messages in thread
From: Pablo de Lara @ 2020-01-13 11:40 UTC (permalink / raw)
  To: akhil.goyal, declan.doherty; +Cc: dev, Pablo de Lara

The three Intel SW Crypto PMDs supporting SNOW3G, ZUC and KASUMI link against libSSO libraries.
The Intel IPSec Multi-buffer library recently integrated the code from these libraries, in version v0.53.
This library can be downloaded from https://github.com/intel/intel-ipsec-mb.

KASUMI, SNOW3G and ZUC PMDs have been modified to use this single library,
which is already used in the AESNI MB and AESNI GCM PMDs,
reducing the number of external dependencies in the crypto PMDs.

Changes in v2:
- Updated ZUC PMD to support future AVX512 and AVX2 implementations.

Pablo de Lara (3):
  crypto/zuc: use IPSec library
  crypto/kasumi: use IPSec library
  crypto/snow3g: use IPSec library

 devtools/test-build.sh                     | 16 ++----
 doc/guides/cryptodevs/kasumi.rst           | 62 ++++++++++++----------
 doc/guides/cryptodevs/snow3g.rst           | 58 +++++++++++---------
 doc/guides/cryptodevs/zuc.rst              | 52 ++++++++++--------
 doc/guides/rel_notes/release_20_02.rst     | 17 ++++++
 drivers/crypto/kasumi/Makefile             | 26 +++++----
 drivers/crypto/kasumi/kasumi_pmd_private.h | 12 +++--
 drivers/crypto/kasumi/meson.build          | 24 ++++++---
 drivers/crypto/kasumi/rte_kasumi_pmd.c     | 79 +++++++++++++++------------
 drivers/crypto/kasumi/rte_kasumi_pmd_ops.c |  8 ++-
 drivers/crypto/snow3g/Makefile             | 29 ++++++----
 drivers/crypto/snow3g/meson.build          | 21 ++++++--
 drivers/crypto/snow3g/rte_snow3g_pmd.c     | 85 ++++++++++++++++++------------
 drivers/crypto/snow3g/rte_snow3g_pmd_ops.c |  8 ++-
 drivers/crypto/snow3g/snow3g_pmd_private.h | 14 +++--
 drivers/crypto/zuc/Makefile                | 28 ++++++----
 drivers/crypto/zuc/meson.build             | 24 ++++++---
 drivers/crypto/zuc/rte_zuc_pmd.c           | 51 +++++++++++++-----
 drivers/crypto/zuc/rte_zuc_pmd_ops.c       |  2 +
 drivers/crypto/zuc/zuc_pmd_private.h       |  6 ++-
 mk/rte.app.mk                              |  6 +--
 21 files changed, 395 insertions(+), 233 deletions(-)

-- 
2.7.5


^ permalink raw reply	[flat|nested] 21+ messages in thread

* [dpdk-dev] [PATCH v2 1/3] crypto/zuc: use IPSec library
  2020-01-13 11:40 ` [dpdk-dev] [PATCH v2 0/3] Use Intel IPSec MB library in Wireless PMDs Pablo de Lara
@ 2020-01-13 11:40   ` Pablo de Lara
  2020-01-13 12:45     ` Bruce Richardson
  2020-01-13 11:40   ` [dpdk-dev] [PATCH v2 2/3] crypto/kasumi: " Pablo de Lara
                     ` (3 subsequent siblings)
  4 siblings, 1 reply; 21+ messages in thread
From: Pablo de Lara @ 2020-01-13 11:40 UTC (permalink / raw)
  To: akhil.goyal, declan.doherty; +Cc: dev, Pablo de Lara

Link against Intel IPSec Multi-buffer library, which
added support for ZUC-EEA3 and ZUC-EIA3 from version v0.53,
moving from libSSO ZUC library.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 devtools/test-build.sh                 |  6 ++--
 doc/guides/cryptodevs/zuc.rst          | 52 ++++++++++++++++++++--------------
 doc/guides/rel_notes/release_20_02.rst |  7 +++++
 drivers/crypto/zuc/Makefile            | 28 +++++++++++-------
 drivers/crypto/zuc/meson.build         | 24 ++++++++++++----
 drivers/crypto/zuc/rte_zuc_pmd.c       | 51 ++++++++++++++++++++++++---------
 drivers/crypto/zuc/rte_zuc_pmd_ops.c   |  2 ++
 drivers/crypto/zuc/zuc_pmd_private.h   |  6 +++-
 mk/rte.app.mk                          |  2 +-
 9 files changed, 120 insertions(+), 58 deletions(-)

diff --git a/devtools/test-build.sh b/devtools/test-build.sh
index be565a1..afa0748 100755
--- a/devtools/test-build.sh
+++ b/devtools/test-build.sh
@@ -29,7 +29,6 @@ default_path=$PATH
 # - LIBMUSDK_PATH
 # - LIBSSO_SNOW3G_PATH
 # - LIBSSO_KASUMI_PATH
-# - LIBSSO_ZUC_PATH
 . $(dirname $(readlink -f $0))/load-devel-config
 
 print_usage () {
@@ -123,7 +122,6 @@ reset_env ()
 	unset LIBMUSDK_PATH
 	unset LIBSSO_SNOW3G_PATH
 	unset LIBSSO_KASUMI_PATH
-	unset LIBSSO_ZUC_PATH
 	unset PQOS_INSTALL_PATH
 }
 
@@ -183,12 +181,12 @@ config () # <directory> <target> <options>
 		sed -ri=""       's,(PMD_AESNI_MB=)n,\1y,' $1/.config
 		test "$DPDK_DEP_IPSEC_MB" != y || \
 		sed -ri=""      's,(PMD_AESNI_GCM=)n,\1y,' $1/.config
+		test "$DPDK_DEP_IPSEC_MB" != y || \
+		sed -ri=""            's,(PMD_ZUC=)n,\1y,' $1/.config
 		test -z "$LIBSSO_SNOW3G_PATH" || \
 		sed -ri=""         's,(PMD_SNOW3G=)n,\1y,' $1/.config
 		test -z "$LIBSSO_KASUMI_PATH" || \
 		sed -ri=""         's,(PMD_KASUMI=)n,\1y,' $1/.config
-		test -z "$LIBSSO_ZUC_PATH" || \
-		sed -ri=""            's,(PMD_ZUC=)n,\1y,' $1/.config
 		test "$DPDK_DEP_SSL" != y || \
 		sed -ri=""            's,(PMD_CCP=)n,\1y,' $1/.config
 		test "$DPDK_DEP_SSL" != y || \
diff --git a/doc/guides/cryptodevs/zuc.rst b/doc/guides/cryptodevs/zuc.rst
index 002e986..23d618d 100644
--- a/doc/guides/cryptodevs/zuc.rst
+++ b/doc/guides/cryptodevs/zuc.rst
@@ -1,12 +1,12 @@
 ..  SPDX-License-Identifier: BSD-3-Clause
-    Copyright(c) 2016 Intel Corporation.
+    Copyright(c) 2016-2019 Intel Corporation.
 
 ZUC Crypto Poll Mode Driver
 ===========================
 
-The ZUC PMD (**librte_pmd_zuc**) provides poll mode crypto driver
-support for utilizing Intel Libsso library, which implements F8 and F9 functions
-for ZUC EEA3 cipher and EIA3 hash algorithms.
+The ZUC PMD (**librte_pmd_zuc**) provides poll mode crypto driver support for
+utilizing `Intel IPSec Multi-buffer library <https://github.com/01org/intel-ipsec-mb>`_
+which implements F8 and F9 functions for ZUC EEA3 cipher and EIA3 hash algorithms.
 
 Features
 --------
@@ -27,36 +27,46 @@ Limitations
 * Chained mbufs are not supported.
 * ZUC (EIA3) supported only if hash offset field is byte-aligned.
 * ZUC (EEA3) supported only if cipher length, cipher offset fields are byte-aligned.
-* ZUC PMD cannot be built as a shared library, due to limitations in
-  the underlying library.
 
 
 Installation
 ------------
 
-To build DPDK with the ZUC_PMD the user is required to download
-the export controlled ``libsso_zuc`` library, by registering in
-`Intel Resource & Design Center <https://www.intel.com/content/www/us/en/design/resource-design-center.html>`_.
-Once approval has been granted, the user needs to search for
-*ZUC 128-EAA3 and 128-EIA3 3GPP cryptographic algorithms Software Library* to download the
-library or directly through this `link <https://cdrdv2.intel.com/v1/dl/getContent/575868>`_.
+To build DPDK with the ZUC_PMD the user is required to download the multi-buffer
+library from `here <https://github.com/01org/intel-ipsec-mb>`_
+and compile it on their user system before building DPDK.
+The latest version of the library supported by this PMD is v0.53, which
+can be downloaded from `<https://github.com/01org/intel-ipsec-mb/archive/v0.53.zip>`_.
+
 After downloading the library, the user needs to unpack and compile it
-on their system before building DPDK::
+on their system before building DPDK:
+
+.. code-block:: console
+
+    make
+    make install
+
+As a reference, the following table shows a mapping between the past DPDK versions
+and the external crypto libraries supported by them:
+
+.. _table_zuc_versions:
+
+.. table:: DPDK and external crypto library version compatibility
+
+   =============  ================================
+   DPDK version   Crypto library version
+   =============  ================================
+   16.11 - 19.11  LibSSO ZUC
+   20.02+         Multi-buffer library 0.53
+   =============  ================================
 
-   make
 
 Initialization
 --------------
 
 In order to enable this virtual crypto PMD, user must:
 
-* Export the environmental variable LIBSSO_ZUC_PATH with the path where
-  the library was extracted (zuc folder).
-
-* Export the environmental variable LD_LIBRARY_PATH with the path
-  where the built libsso library is (LIBSSO_ZUC_PATH/build).
-
-* Build the LIBSSO_ZUC library (explained in Installation section).
+* Build the multi buffer library (explained in Installation section).
 
 * Build DPDK as follows:
 
diff --git a/doc/guides/rel_notes/release_20_02.rst b/doc/guides/rel_notes/release_20_02.rst
index 0eaa45a..4216e0b 100644
--- a/doc/guides/rel_notes/release_20_02.rst
+++ b/doc/guides/rel_notes/release_20_02.rst
@@ -56,6 +56,13 @@ New Features
      Also, make sure to start the actual text at the margin.
      =========================================================
 
+* **Updated the ZUC PMD.**
+
+  * Transistioned underlying library from libSSO ZUC to intel-ipsec-mb
+    library (minimum version required 0.53).
+  * Removed dynamic library limitation, so PMD can be built as a shared
+    object now.
+
 
 Removed Items
 -------------
diff --git a/drivers/crypto/zuc/Makefile b/drivers/crypto/zuc/Makefile
index a01bb6e..b50883b 100644
--- a/drivers/crypto/zuc/Makefile
+++ b/drivers/crypto/zuc/Makefile
@@ -1,14 +1,8 @@
 # SPDX-License-Identifier: BSD-3-Clause
-# Copyright(c) 2016 Intel Corporation
+# Copyright(c) 2016-2019 Intel Corporation
 
 include $(RTE_SDK)/mk/rte.vars.mk
 
-ifneq ($(MAKECMDGOALS),clean)
-ifeq ($(LIBSSO_ZUC_PATH),)
-$(error "Please define LIBSSO_ZUC_PATH environment variable")
-endif
-endif
-
 # library name
 LIB = librte_pmd_zuc.a
 
@@ -21,14 +15,26 @@ CFLAGS += -DALLOW_EXPERIMENTAL_API
 EXPORT_MAP := rte_pmd_zuc_version.map
 
 # external library dependencies
-CFLAGS += -I$(LIBSSO_ZUC_PATH)
-CFLAGS += -I$(LIBSSO_ZUC_PATH)/include
-CFLAGS += -I$(LIBSSO_ZUC_PATH)/build
-LDLIBS += -L$(LIBSSO_ZUC_PATH)/build -lsso_zuc
+LDLIBS += -lIPSec_MB
 LDLIBS += -lrte_eal -lrte_mbuf -lrte_mempool -lrte_ring
 LDLIBS += -lrte_cryptodev
 LDLIBS += -lrte_bus_vdev
 
+IMB_HDR = $(shell echo '\#include <intel-ipsec-mb.h>' | \
+	$(CC) -E $(EXTRA_CFLAGS) - | grep 'intel-ipsec-mb.h' | \
+	head -n1 | cut -d'"' -f2)
+
+# Detect library version
+IMB_VERSION = $(shell grep -e "IMB_VERSION_STR" $(IMB_HDR) | cut -d'"' -f2)
+IMB_VERSION_NUM = $(shell grep -e "IMB_VERSION_NUM" $(IMB_HDR) | cut -d' ' -f3)
+
+ifeq ($(IMB_VERSION),)
+$(error "IPSec_MB version >= 0.53 is required")
+endif
+
+ifeq ($(shell expr $(IMB_VERSION_NUM) \< 0x3400), 1)
+$(error "IPSec_MB version >= 0.53 is required")
+endif
 # library source files
 SRCS-$(CONFIG_RTE_LIBRTE_PMD_ZUC) += rte_zuc_pmd.c
 SRCS-$(CONFIG_RTE_LIBRTE_PMD_ZUC) += rte_zuc_pmd_ops.c
diff --git a/drivers/crypto/zuc/meson.build b/drivers/crypto/zuc/meson.build
index b231de0..b7098a3 100644
--- a/drivers/crypto/zuc/meson.build
+++ b/drivers/crypto/zuc/meson.build
@@ -1,14 +1,26 @@
 # SPDX-License-Identifier: BSD-3-Clause
-# Copyright(c) 2018 Intel Corporation
+# Copyright(c) 2018-2019 Intel Corporation
 
-lib = cc.find_library('sso_zuc', required: false)
-if not lib.found() or not cc.has_header('sso_zuc.h')
+IMB_required_ver = '0.53.0'
+lib = cc.find_library('IPSec_MB', required: false)
+if not lib.found()
 	build = false
-	reason = 'missing dependency, "libsso_zuc"'
-	subdir_done()
+	reason = 'missing dependency, "libIPSec_MB"'
+else
+	ext_deps += lib
+
+	# version comes with quotes, so we split based on " and take the middle
+	imb_ver = cc.get_define('IMB_VERSION_STR',
+		prefix : '#include<intel-ipsec-mb.h>').split('"')[1]
+
+	if (imb_ver == '') or (imb_ver.version_compare('<' + IMB_required_ver))
+		message('IPSec_MB version >= @0@ is required, found version @1@'.format(
+				IMB_required_ver, imb_ver))
+		build = false
+	endif
+
 endif
 
 allow_experimental_apis = true
-ext_deps += lib
 sources = files('rte_zuc_pmd.c', 'rte_zuc_pmd_ops.c')
 deps += ['bus_vdev']
diff --git a/drivers/crypto/zuc/rte_zuc_pmd.c b/drivers/crypto/zuc/rte_zuc_pmd.c
index 8e214cd..cdd6220 100644
--- a/drivers/crypto/zuc/rte_zuc_pmd.c
+++ b/drivers/crypto/zuc/rte_zuc_pmd.c
@@ -11,7 +11,7 @@
 #include <rte_cpuflags.h>
 
 #include "zuc_pmd_private.h"
-#define ZUC_MAX_BURST 4
+#define ZUC_MAX_BURST 16
 #define BYTE_LEN 8
 
 static uint8_t cryptodev_driver_id;
@@ -170,7 +170,7 @@ zuc_get_session(struct zuc_qp *qp, struct rte_crypto_op *op)
 
 /** Encrypt/decrypt mbufs. */
 static uint8_t
-process_zuc_cipher_op(struct rte_crypto_op **ops,
+process_zuc_cipher_op(struct zuc_qp *qp, struct rte_crypto_op **ops,
 		struct zuc_session **sessions,
 		uint8_t num_ops)
 {
@@ -222,7 +222,8 @@ process_zuc_cipher_op(struct rte_crypto_op **ops,
 		processed_ops++;
 	}
 
-	sso_zuc_eea3_n_buffer(cipher_keys, iv, src, dst,
+	IMB_ZUC_EEA3_N_BUFFER(qp->mb_mgr, (const void **)cipher_keys,
+			(const void **)iv, (const void **)src, (void **)dst,
 			num_bytes, processed_ops);
 
 	return processed_ops;
@@ -262,7 +263,7 @@ process_zuc_hash_op(struct zuc_qp *qp, struct rte_crypto_op **ops,
 		if (sess->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) {
 			dst = (uint32_t *)qp->temp_digest;
 
-			sso_zuc_eia3_1_buffer(sess->pKey_hash,
+			IMB_ZUC_EIA3_1_BUFFER(qp->mb_mgr, sess->pKey_hash,
 					iv, src,
 					length_in_bits,	dst);
 			/* Verify digest. */
@@ -272,7 +273,7 @@ process_zuc_hash_op(struct zuc_qp *qp, struct rte_crypto_op **ops,
 		} else  {
 			dst = (uint32_t *)ops[i]->sym->auth.digest.data;
 
-			sso_zuc_eia3_1_buffer(sess->pKey_hash,
+			IMB_ZUC_EIA3_1_BUFFER(qp->mb_mgr, sess->pKey_hash,
 					iv, src,
 					length_in_bits, dst);
 		}
@@ -294,7 +295,7 @@ process_ops(struct rte_crypto_op **ops, enum zuc_operation op_type,
 
 	switch (op_type) {
 	case ZUC_OP_ONLY_CIPHER:
-		processed_ops = process_zuc_cipher_op(ops,
+		processed_ops = process_zuc_cipher_op(qp, ops,
 				sessions, num_ops);
 		break;
 	case ZUC_OP_ONLY_AUTH:
@@ -302,14 +303,14 @@ process_ops(struct rte_crypto_op **ops, enum zuc_operation op_type,
 				num_ops);
 		break;
 	case ZUC_OP_CIPHER_AUTH:
-		processed_ops = process_zuc_cipher_op(ops, sessions,
+		processed_ops = process_zuc_cipher_op(qp, ops, sessions,
 				num_ops);
 		process_zuc_hash_op(qp, ops, sessions, processed_ops);
 		break;
 	case ZUC_OP_AUTH_CIPHER:
 		processed_ops = process_zuc_hash_op(qp, ops, sessions,
 				num_ops);
-		process_zuc_cipher_op(ops, sessions, processed_ops);
+		process_zuc_cipher_op(qp, ops, sessions, processed_ops);
 		break;
 	default:
 		/* Operation not supported. */
@@ -457,8 +458,7 @@ cryptodev_zuc_create(const char *name,
 {
 	struct rte_cryptodev *dev;
 	struct zuc_private *internals;
-	uint64_t cpu_flags = RTE_CRYPTODEV_FF_CPU_SSE;
-
+	MB_MGR *mb_mgr;
 
 	dev = rte_cryptodev_pmd_create(name, &vdev->device, init_params);
 	if (dev == NULL) {
@@ -466,6 +466,27 @@ cryptodev_zuc_create(const char *name,
 		goto init_error;
 	}
 
+	dev->feature_flags = RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO |
+			RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING;
+
+	mb_mgr = alloc_mb_mgr(0);
+	if (mb_mgr == NULL)
+		return -ENOMEM;
+
+	if (rte_cpu_get_flag_enabled(RTE_CPUFLAG_AVX512F)) {
+		dev->feature_flags |= RTE_CRYPTODEV_FF_CPU_AVX512;
+		init_mb_mgr_avx512(mb_mgr);
+	} else if (rte_cpu_get_flag_enabled(RTE_CPUFLAG_AVX2)) {
+		dev->feature_flags |= RTE_CRYPTODEV_FF_CPU_AVX2;
+		init_mb_mgr_avx2(mb_mgr);
+	} else if (rte_cpu_get_flag_enabled(RTE_CPUFLAG_AVX)) {
+		dev->feature_flags |= RTE_CRYPTODEV_FF_CPU_AVX;
+		init_mb_mgr_avx(mb_mgr);
+	} else {
+		dev->feature_flags |= RTE_CRYPTODEV_FF_CPU_SSE;
+		init_mb_mgr_sse(mb_mgr);
+	}
+
 	dev->driver_id = cryptodev_driver_id;
 	dev->dev_ops = rte_zuc_pmd_ops;
 
@@ -473,11 +494,8 @@ cryptodev_zuc_create(const char *name,
 	dev->dequeue_burst = zuc_pmd_dequeue_burst;
 	dev->enqueue_burst = zuc_pmd_enqueue_burst;
 
-	dev->feature_flags = RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO |
-			RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING |
-			cpu_flags;
-
 	internals = dev->data->dev_private;
+	internals->mb_mgr = mb_mgr;
 
 	internals->max_nb_queue_pairs = init_params->max_nb_queue_pairs;
 
@@ -518,6 +536,7 @@ cryptodev_zuc_remove(struct rte_vdev_device *vdev)
 
 	struct rte_cryptodev *cryptodev;
 	const char *name;
+	struct zuc_private *internals;
 
 	name = rte_vdev_device_name(vdev);
 	if (name == NULL)
@@ -527,6 +546,10 @@ cryptodev_zuc_remove(struct rte_vdev_device *vdev)
 	if (cryptodev == NULL)
 		return -ENODEV;
 
+	internals = cryptodev->data->dev_private;
+
+	free_mb_mgr(internals->mb_mgr);
+
 	return rte_cryptodev_pmd_destroy(cryptodev);
 }
 
diff --git a/drivers/crypto/zuc/rte_zuc_pmd_ops.c b/drivers/crypto/zuc/rte_zuc_pmd_ops.c
index 62f8c6c..ddd0f92 100644
--- a/drivers/crypto/zuc/rte_zuc_pmd_ops.c
+++ b/drivers/crypto/zuc/rte_zuc_pmd_ops.c
@@ -201,6 +201,7 @@ zuc_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 		int socket_id)
 {
 	struct zuc_qp *qp = NULL;
+	struct zuc_private *internals = dev->data->dev_private;
 
 	/* Free memory prior to re-allocation if needed. */
 	if (dev->data->queue_pairs[qp_id] != NULL)
@@ -223,6 +224,7 @@ zuc_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 	if (qp->processed_ops == NULL)
 		goto qp_setup_cleanup;
 
+	qp->mb_mgr = internals->mb_mgr;
 	qp->sess_mp = qp_conf->mp_session;
 	qp->sess_mp_priv = qp_conf->mp_session_private;
 
diff --git a/drivers/crypto/zuc/zuc_pmd_private.h b/drivers/crypto/zuc/zuc_pmd_private.h
index 428efd4..47a8b08 100644
--- a/drivers/crypto/zuc/zuc_pmd_private.h
+++ b/drivers/crypto/zuc/zuc_pmd_private.h
@@ -5,7 +5,7 @@
 #ifndef _ZUC_PMD_PRIVATE_H_
 #define _ZUC_PMD_PRIVATE_H_
 
-#include <sso_zuc.h>
+#include <intel-ipsec-mb.h>
 
 #define CRYPTODEV_NAME_ZUC_PMD		crypto_zuc
 /**< KASUMI PMD device name */
@@ -24,6 +24,8 @@ int zuc_logtype_driver;
 struct zuc_private {
 	unsigned max_nb_queue_pairs;
 	/**< Max number of queue pairs supported by device */
+	MB_MGR *mb_mgr;
+	/**< Multi-buffer instance */
 };
 
 /** ZUC buffer queue pair */
@@ -45,6 +47,8 @@ struct zuc_qp {
 	 * by the driver when verifying a digest provided
 	 * by the user (using authentication verify operation)
 	 */
+	MB_MGR *mb_mgr;
+	/**< Multi-buffer instance */
 } __rte_cache_aligned;
 
 enum zuc_operation {
diff --git a/mk/rte.app.mk b/mk/rte.app.mk
index 05ea034..62724cc 100644
--- a/mk/rte.app.mk
+++ b/mk/rte.app.mk
@@ -272,7 +272,7 @@ _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_SNOW3G)      += -L$(LIBSSO_SNOW3G_PATH)/build -l
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_KASUMI)      += -lrte_pmd_kasumi
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_KASUMI)      += -L$(LIBSSO_KASUMI_PATH)/build -lsso_kasumi
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ZUC)         += -lrte_pmd_zuc
-_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ZUC)         += -L$(LIBSSO_ZUC_PATH)/build -lsso_zuc
+_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ZUC)         += -lIPSec_MB
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ARMV8_CRYPTO)    += -lrte_pmd_armv8
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ARMV8_CRYPTO)    += -L$(ARMV8_CRYPTO_LIB_PATH) -larmv8_crypto
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_MVSAM_CRYPTO) += -L$(LIBMUSDK_PATH)/lib -lrte_pmd_mvsam_crypto -lmusdk
-- 
2.7.5


^ permalink raw reply	[flat|nested] 21+ messages in thread

* [dpdk-dev] [PATCH v2 2/3] crypto/kasumi: use IPSec library
  2020-01-13 11:40 ` [dpdk-dev] [PATCH v2 0/3] Use Intel IPSec MB library in Wireless PMDs Pablo de Lara
  2020-01-13 11:40   ` [dpdk-dev] [PATCH v2 1/3] crypto/zuc: use IPSec library Pablo de Lara
@ 2020-01-13 11:40   ` Pablo de Lara
  2020-01-13 11:40   ` [dpdk-dev] [PATCH v2 3/3] crypto/snow3g: " Pablo de Lara
                     ` (2 subsequent siblings)
  4 siblings, 0 replies; 21+ messages in thread
From: Pablo de Lara @ 2020-01-13 11:40 UTC (permalink / raw)
  To: akhil.goyal, declan.doherty; +Cc: dev, Pablo de Lara

Link against Intel IPSec Multi-buffer library, which
added support for KASUMI-F8 and KASUMI-F9 from version v0.53,
moving from libSSO KASUMI library.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 devtools/test-build.sh                     |  6 +--
 doc/guides/cryptodevs/kasumi.rst           | 62 ++++++++++++-----------
 doc/guides/rel_notes/release_20_02.rst     |  5 ++
 drivers/crypto/kasumi/Makefile             | 26 ++++++----
 drivers/crypto/kasumi/kasumi_pmd_private.h | 12 +++--
 drivers/crypto/kasumi/meson.build          | 24 ++++++---
 drivers/crypto/kasumi/rte_kasumi_pmd.c     | 79 +++++++++++++++++-------------
 drivers/crypto/kasumi/rte_kasumi_pmd_ops.c |  8 ++-
 mk/rte.app.mk                              |  2 +-
 9 files changed, 134 insertions(+), 90 deletions(-)

diff --git a/devtools/test-build.sh b/devtools/test-build.sh
index afa0748..56c744f 100755
--- a/devtools/test-build.sh
+++ b/devtools/test-build.sh
@@ -28,7 +28,6 @@ default_path=$PATH
 # - FLEXRAN_SDK
 # - LIBMUSDK_PATH
 # - LIBSSO_SNOW3G_PATH
-# - LIBSSO_KASUMI_PATH
 . $(dirname $(readlink -f $0))/load-devel-config
 
 print_usage () {
@@ -121,7 +120,6 @@ reset_env ()
 	unset FLEXRAN_SDK
 	unset LIBMUSDK_PATH
 	unset LIBSSO_SNOW3G_PATH
-	unset LIBSSO_KASUMI_PATH
 	unset PQOS_INSTALL_PATH
 }
 
@@ -183,10 +181,10 @@ config () # <directory> <target> <options>
 		sed -ri=""      's,(PMD_AESNI_GCM=)n,\1y,' $1/.config
 		test "$DPDK_DEP_IPSEC_MB" != y || \
 		sed -ri=""            's,(PMD_ZUC=)n,\1y,' $1/.config
+		test "$DPDK_DEP_IPSEC_MB" != y || \
+		sed -ri=""         's,(PMD_KASUMI=)n,\1y,' $1/.config
 		test -z "$LIBSSO_SNOW3G_PATH" || \
 		sed -ri=""         's,(PMD_SNOW3G=)n,\1y,' $1/.config
-		test -z "$LIBSSO_KASUMI_PATH" || \
-		sed -ri=""         's,(PMD_KASUMI=)n,\1y,' $1/.config
 		test "$DPDK_DEP_SSL" != y || \
 		sed -ri=""            's,(PMD_CCP=)n,\1y,' $1/.config
 		test "$DPDK_DEP_SSL" != y || \
diff --git a/doc/guides/cryptodevs/kasumi.rst b/doc/guides/cryptodevs/kasumi.rst
index 2265eee..6c86fe2 100644
--- a/doc/guides/cryptodevs/kasumi.rst
+++ b/doc/guides/cryptodevs/kasumi.rst
@@ -1,12 +1,12 @@
 ..  SPDX-License-Identifier: BSD-3-Clause
-    Copyright(c) 2016 Intel Corporation.
+    Copyright(c) 2016-2019 Intel Corporation.
 
 KASUMI Crypto Poll Mode Driver
 ===============================
 
-The KASUMI PMD (**librte_pmd_kasumi**) provides poll mode crypto driver
-support for utilizing Intel Libsso library, which implements F8 and F9 functions
-for KASUMI UEA1 cipher and UIA1 hash algorithms.
+The KASUMI PMD (**librte_pmd_kasumi**) provides poll mode crypto driver support for
+utilizing `Intel IPSec Multi-buffer library <https://github.com/01org/intel-ipsec-mb>`_
+which implements F8 and F9 functions for KASUMI UEA1 cipher and UIA1 hash algorithms.
 
 Features
 --------
@@ -33,33 +33,33 @@ Limitations
 Installation
 ------------
 
-To build DPDK with the KASUMI_PMD the user is required to download
-the export controlled ``libsso_kasumi`` library, by registering in
-`Intel Resource & Design Center <https://www.intel.com/content/www/us/en/design/resource-design-center.html>`_.
-Once approval has been granted, the user needs to search for
-*Kasumi F8 F9 3GPP cryptographic algorithms Software Library* to download the
-library or directly through this `link <https://cdrdv2.intel.com/v1/dl/getContent/575866>`_.
+To build DPDK with the KASUMI_PMD the user is required to download the multi-buffer
+library from `here <https://github.com/01org/intel-ipsec-mb>`_
+and compile it on their user system before building DPDK.
+The latest version of the library supported by this PMD is v0.53, which
+can be downloaded from `<https://github.com/01org/intel-ipsec-mb/archive/v0.53.zip>`_.
+
 After downloading the library, the user needs to unpack and compile it
-on their system before building DPDK::
+on their system before building DPDK:
+
+.. code-block:: console
 
-   make
+    make
+    make install
 
-**Note**: When encrypting with KASUMI F8, by default the library
-encrypts full blocks of 8 bytes, regardless the number of bytes to
-be encrypted provided (which leads to a possible buffer overflow).
-To avoid this situation, it is necessary not to pass
-3GPP_SAFE_BUFFERS as a compilation flag.
-Also, this is required when using chained operations
-(cipher-then-auth/auth-then-cipher).
-For this, in the Makefile of the library, make sure that this flag
-is commented out::
+As a reference, the following table shows a mapping between the past DPDK versions
+and the external crypto libraries supported by them:
 
-  #EXTRA_CFLAGS  += -D_3GPP_SAFE_BUFFERS
+.. _table_kasumi_versions:
 
-**Note**: To build the PMD as a shared library, the libsso_kasumi
-library must be built as follows::
+.. table:: DPDK and external crypto library version compatibility
 
-  make KASUMI_CFLAGS=-DKASUMI_C
+   =============  ================================
+   DPDK version   Crypto library version
+   =============  ================================
+   16.11 - 19.11  LibSSO KASUMI
+   20.02+         Multi-buffer library 0.53
+   =============  ================================
 
 
 Initialization
@@ -67,12 +67,16 @@ Initialization
 
 In order to enable this virtual crypto PMD, user must:
 
-* Export the environmental variable LIBSSO_KASUMI_PATH with the path where
-  the library was extracted (kasumi folder).
+* Build the multi buffer library (explained in Installation section).
+
+* Build DPDK as follows:
+
+.. code-block:: console
 
-* Build the LIBSSO library (explained in Installation section).
+	make config T=x86_64-native-linux-gcc
+	sed -i 's,\(CONFIG_RTE_LIBRTE_PMD_KASUMI\)=n,\1=y,' build/.config
+	make
 
-* Set CONFIG_RTE_LIBRTE_PMD_KASUMI=y in config/common_base.
 
 To use the PMD in an application, user must:
 
diff --git a/doc/guides/rel_notes/release_20_02.rst b/doc/guides/rel_notes/release_20_02.rst
index 4216e0b..a3f6154 100644
--- a/doc/guides/rel_notes/release_20_02.rst
+++ b/doc/guides/rel_notes/release_20_02.rst
@@ -63,6 +63,11 @@ New Features
   * Removed dynamic library limitation, so PMD can be built as a shared
     object now.
 
+* **Updated the KASUMI PMD.**
+
+  * Transistioned underlying library from libSSO KASUMI to intel-ipsec-mb
+    library (minimum version required 0.53).
+
 
 Removed Items
 -------------
diff --git a/drivers/crypto/kasumi/Makefile b/drivers/crypto/kasumi/Makefile
index 26f5137..c94d6bd 100644
--- a/drivers/crypto/kasumi/Makefile
+++ b/drivers/crypto/kasumi/Makefile
@@ -3,12 +3,6 @@
 
 include $(RTE_SDK)/mk/rte.vars.mk
 
-ifneq ($(MAKECMDGOALS),clean)
-ifeq ($(LIBSSO_KASUMI_PATH),)
-$(error "Please define LIBSSO_KASUMI_PATH environment variable")
-endif
-endif
-
 # library name
 LIB = librte_pmd_kasumi.a
 
@@ -21,14 +15,26 @@ CFLAGS += -DALLOW_EXPERIMENTAL_API
 EXPORT_MAP := rte_pmd_kasumi_version.map
 
 # external library dependencies
-CFLAGS += -I$(LIBSSO_KASUMI_PATH)
-CFLAGS += -I$(LIBSSO_KASUMI_PATH)/include
-CFLAGS += -I$(LIBSSO_KASUMI_PATH)/build
-LDLIBS += -L$(LIBSSO_KASUMI_PATH)/build -lsso_kasumi
+LDLIBS += -lIPSec_MB
 LDLIBS += -lrte_eal -lrte_mbuf -lrte_mempool -lrte_ring
 LDLIBS += -lrte_cryptodev
 LDLIBS += -lrte_bus_vdev
 
+IMB_HDR = $(shell echo '\#include <intel-ipsec-mb.h>' | \
+	$(CC) -E $(EXTRA_CFLAGS) - | grep 'intel-ipsec-mb.h' | \
+	head -n1 | cut -d'"' -f2)
+
+# Detect library version
+IMB_VERSION = $(shell grep -e "IMB_VERSION_STR" $(IMB_HDR) | cut -d'"' -f2)
+IMB_VERSION_NUM = $(shell grep -e "IMB_VERSION_NUM" $(IMB_HDR) | cut -d' ' -f3)
+
+ifeq ($(IMB_VERSION),)
+$(error "IPSec_MB version >= 0.53 is required")
+endif
+
+ifeq ($(shell expr $(IMB_VERSION_NUM) \< 0x3400), 1)
+$(error "IPSec_MB version >= 0.53 is required")
+endif
 # library source files
 SRCS-$(CONFIG_RTE_LIBRTE_PMD_KASUMI) += rte_kasumi_pmd.c
 SRCS-$(CONFIG_RTE_LIBRTE_PMD_KASUMI) += rte_kasumi_pmd_ops.c
diff --git a/drivers/crypto/kasumi/kasumi_pmd_private.h b/drivers/crypto/kasumi/kasumi_pmd_private.h
index 7ac19c5..3b3a695 100644
--- a/drivers/crypto/kasumi/kasumi_pmd_private.h
+++ b/drivers/crypto/kasumi/kasumi_pmd_private.h
@@ -5,7 +5,7 @@
 #ifndef _KASUMI_PMD_PRIVATE_H_
 #define _KASUMI_PMD_PRIVATE_H_
 
-#include <sso_kasumi.h>
+#include <intel-ipsec-mb.h>
 
 #define CRYPTODEV_NAME_KASUMI_PMD	crypto_kasumi
 /**< KASUMI PMD device name */
@@ -24,6 +24,8 @@ int kasumi_logtype_driver;
 struct kasumi_private {
 	unsigned max_nb_queue_pairs;
 	/**< Max number of queue pairs supported by device */
+	MB_MGR *mgr;
+	/**< Multi-buffer instance */
 };
 
 /** KASUMI buffer queue pair */
@@ -45,6 +47,8 @@ struct kasumi_qp {
 	 * by the driver when verifying a digest provided
 	 * by the user (using authentication verify operation)
 	 */
+	MB_MGR *mgr;
+	/**< Multi-buffer instance */
 } __rte_cache_aligned;
 
 enum kasumi_operation {
@@ -58,8 +62,8 @@ enum kasumi_operation {
 /** KASUMI private session structure */
 struct kasumi_session {
 	/* Keys have to be 16-byte aligned */
-	sso_kasumi_key_sched_t pKeySched_cipher;
-	sso_kasumi_key_sched_t pKeySched_hash;
+	kasumi_key_sched_t pKeySched_cipher;
+	kasumi_key_sched_t pKeySched_hash;
 	enum kasumi_operation op;
 	enum rte_crypto_auth_operation auth_op;
 	uint16_t cipher_iv_offset;
@@ -67,7 +71,7 @@ struct kasumi_session {
 
 
 int
-kasumi_set_session_parameters(struct kasumi_session *sess,
+kasumi_set_session_parameters(MB_MGR *mgr, struct kasumi_session *sess,
 		const struct rte_crypto_sym_xform *xform);
 
 
diff --git a/drivers/crypto/kasumi/meson.build b/drivers/crypto/kasumi/meson.build
index 90a3c4f..9639aaf 100644
--- a/drivers/crypto/kasumi/meson.build
+++ b/drivers/crypto/kasumi/meson.build
@@ -1,14 +1,26 @@
 # SPDX-License-Identifier: BSD-3-Clause
-# Copyright(c) 2018 Intel Corporation
+# Copyright(c) 2018-2019 Intel Corporation
 
-lib = cc.find_library('sso_kasumi', required: false)
-if not lib.found() or not cc.has_header('sso_kasumi.h')
+IMB_required_ver = '0.53.0'
+lib = cc.find_library('IPSec_MB', required: false)
+if not lib.found()
 	build = false
-	reason = 'missing dependency, "libsso_kasumi"'
-	subdir_done()
+	reason = 'missing dependency, "libIPSec_MB"'
+else
+	ext_deps += lib
+
+	# version comes with quotes, so we split based on " and take the middle
+	imb_ver = cc.get_define('IMB_VERSION_STR',
+		prefix : '#include<intel-ipsec-mb.h>').split('"')[1]
+
+	if (imb_ver == '') or (imb_ver.version_compare('<' + IMB_required_ver))
+		message('IPSec_MB version >= @0@ is required, found version @1@'.format(
+				IMB_required_ver, imb_ver))
+		build = false
+	endif
+
 endif
 
 allow_experimental_apis = true
-ext_deps += lib
 sources = files('rte_kasumi_pmd.c', 'rte_kasumi_pmd_ops.c')
 deps += ['bus_vdev']
diff --git a/drivers/crypto/kasumi/rte_kasumi_pmd.c b/drivers/crypto/kasumi/rte_kasumi_pmd.c
index d0583ef..baad5b4 100644
--- a/drivers/crypto/kasumi/rte_kasumi_pmd.c
+++ b/drivers/crypto/kasumi/rte_kasumi_pmd.c
@@ -54,7 +54,7 @@ kasumi_get_mode(const struct rte_crypto_sym_xform *xform)
 
 /** Parse crypto xform chain and set private session parameters. */
 int
-kasumi_set_session_parameters(struct kasumi_session *sess,
+kasumi_set_session_parameters(MB_MGR *mgr, struct kasumi_session *sess,
 		const struct rte_crypto_sym_xform *xform)
 {
 	const struct rte_crypto_sym_xform *auth_xform = NULL;
@@ -97,7 +97,7 @@ kasumi_set_session_parameters(struct kasumi_session *sess,
 		}
 
 		/* Initialize key */
-		sso_kasumi_init_f8_key_sched(cipher_xform->cipher.key.data,
+		IMB_KASUMI_INIT_F8_KEY_SCHED(mgr, cipher_xform->cipher.key.data,
 				&sess->pKeySched_cipher);
 	}
 
@@ -116,7 +116,7 @@ kasumi_set_session_parameters(struct kasumi_session *sess,
 		sess->auth_op = auth_xform->auth.op;
 
 		/* Initialize key */
-		sso_kasumi_init_f9_key_sched(auth_xform->auth.key.data,
+		IMB_KASUMI_INIT_F9_KEY_SCHED(mgr, auth_xform->auth.key.data,
 				&sess->pKeySched_hash);
 	}
 
@@ -151,7 +151,7 @@ kasumi_get_session(struct kasumi_qp *qp, struct rte_crypto_op *op)
 
 		sess = (struct kasumi_session *)_sess_private_data;
 
-		if (unlikely(kasumi_set_session_parameters(sess,
+		if (unlikely(kasumi_set_session_parameters(qp->mgr, sess,
 				op->sym->xform) != 0)) {
 			rte_mempool_put(qp->sess_mp, _sess);
 			rte_mempool_put(qp->sess_mp_priv, _sess_private_data);
@@ -170,13 +170,13 @@ kasumi_get_session(struct kasumi_qp *qp, struct rte_crypto_op *op)
 
 /** Encrypt/decrypt mbufs with same cipher key. */
 static uint8_t
-process_kasumi_cipher_op(struct rte_crypto_op **ops,
-		struct kasumi_session *session,
-		uint8_t num_ops)
+process_kasumi_cipher_op(struct kasumi_qp *qp, struct rte_crypto_op **ops,
+		struct kasumi_session *session, uint8_t num_ops)
 {
 	unsigned i;
 	uint8_t processed_ops = 0;
-	uint8_t *src[num_ops], *dst[num_ops];
+	const void *src[num_ops];
+	void *dst[num_ops];
 	uint8_t *iv_ptr;
 	uint64_t iv[num_ops];
 	uint32_t num_bytes[num_ops];
@@ -198,7 +198,7 @@ process_kasumi_cipher_op(struct rte_crypto_op **ops,
 	}
 
 	if (processed_ops != 0)
-		sso_kasumi_f8_n_buffer(&session->pKeySched_cipher, iv,
+		IMB_KASUMI_F8_N_BUFFER(qp->mgr, &session->pKeySched_cipher, iv,
 			src, dst, num_bytes, processed_ops);
 
 	return processed_ops;
@@ -206,7 +206,7 @@ process_kasumi_cipher_op(struct rte_crypto_op **ops,
 
 /** Encrypt/decrypt mbuf (bit level function). */
 static uint8_t
-process_kasumi_cipher_op_bit(struct rte_crypto_op *op,
+process_kasumi_cipher_op_bit(struct kasumi_qp *qp, struct rte_crypto_op *op,
 		struct kasumi_session *session)
 {
 	uint8_t *src, *dst;
@@ -216,18 +216,16 @@ process_kasumi_cipher_op_bit(struct rte_crypto_op *op,
 
 	offset_in_bits = op->sym->cipher.data.offset;
 	src = rte_pktmbuf_mtod(op->sym->m_src, uint8_t *);
-	if (op->sym->m_dst == NULL) {
-		op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
-		KASUMI_LOG(ERR, "bit-level in-place not supported");
-		return 0;
-	}
-	dst = rte_pktmbuf_mtod(op->sym->m_dst, uint8_t *);
+	if (op->sym->m_dst == NULL)
+		dst = src;
+	else
+		dst = rte_pktmbuf_mtod(op->sym->m_dst, uint8_t *);
 	iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
 			session->cipher_iv_offset);
 	iv = *((uint64_t *)(iv_ptr));
 	length_in_bits = op->sym->cipher.data.length;
 
-	sso_kasumi_f8_1_buffer_bit(&session->pKeySched_cipher, iv,
+	IMB_KASUMI_F8_1_BUFFER_BIT(qp->mgr, &session->pKeySched_cipher, iv,
 			src, dst, length_in_bits, offset_in_bits);
 
 	return 1;
@@ -262,7 +260,8 @@ process_kasumi_hash_op(struct kasumi_qp *qp, struct rte_crypto_op **ops,
 
 		if (session->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) {
 			dst = qp->temp_digest;
-			sso_kasumi_f9_1_buffer(&session->pKeySched_hash, src,
+			IMB_KASUMI_F9_1_BUFFER(qp->mgr,
+					&session->pKeySched_hash, src,
 					num_bytes, dst);
 
 			/* Verify digest. */
@@ -272,7 +271,8 @@ process_kasumi_hash_op(struct kasumi_qp *qp, struct rte_crypto_op **ops,
 		} else  {
 			dst = ops[i]->sym->auth.digest.data;
 
-			sso_kasumi_f9_1_buffer(&session->pKeySched_hash, src,
+			IMB_KASUMI_F9_1_BUFFER(qp->mgr,
+					&session->pKeySched_hash, src,
 					num_bytes, dst);
 		}
 		processed_ops++;
@@ -292,7 +292,7 @@ process_ops(struct rte_crypto_op **ops, struct kasumi_session *session,
 
 	switch (session->op) {
 	case KASUMI_OP_ONLY_CIPHER:
-		processed_ops = process_kasumi_cipher_op(ops,
+		processed_ops = process_kasumi_cipher_op(qp, ops,
 				session, num_ops);
 		break;
 	case KASUMI_OP_ONLY_AUTH:
@@ -300,14 +300,14 @@ process_ops(struct rte_crypto_op **ops, struct kasumi_session *session,
 				num_ops);
 		break;
 	case KASUMI_OP_CIPHER_AUTH:
-		processed_ops = process_kasumi_cipher_op(ops, session,
+		processed_ops = process_kasumi_cipher_op(qp, ops, session,
 				num_ops);
 		process_kasumi_hash_op(qp, ops, session, processed_ops);
 		break;
 	case KASUMI_OP_AUTH_CIPHER:
 		processed_ops = process_kasumi_hash_op(qp, ops, session,
 				num_ops);
-		process_kasumi_cipher_op(ops, session, processed_ops);
+		process_kasumi_cipher_op(qp, ops, session, processed_ops);
 		break;
 	default:
 		/* Operation not supported. */
@@ -350,21 +350,21 @@ process_op_bit(struct rte_crypto_op *op, struct kasumi_session *session,
 
 	switch (session->op) {
 	case KASUMI_OP_ONLY_CIPHER:
-		processed_op = process_kasumi_cipher_op_bit(op,
+		processed_op = process_kasumi_cipher_op_bit(qp, op,
 				session);
 		break;
 	case KASUMI_OP_ONLY_AUTH:
 		processed_op = process_kasumi_hash_op(qp, &op, session, 1);
 		break;
 	case KASUMI_OP_CIPHER_AUTH:
-		processed_op = process_kasumi_cipher_op_bit(op, session);
+		processed_op = process_kasumi_cipher_op_bit(qp, op, session);
 		if (processed_op == 1)
 			process_kasumi_hash_op(qp, &op, session, 1);
 		break;
 	case KASUMI_OP_AUTH_CIPHER:
 		processed_op = process_kasumi_hash_op(qp, &op, session, 1);
 		if (processed_op == 1)
-			process_kasumi_cipher_op_bit(op, session);
+			process_kasumi_cipher_op_bit(qp, op, session);
 		break;
 	default:
 		/* Operation not supported. */
@@ -533,7 +533,7 @@ cryptodev_kasumi_create(const char *name,
 {
 	struct rte_cryptodev *dev;
 	struct kasumi_private *internals;
-	uint64_t cpu_flags = 0;
+	MB_MGR *mgr;
 
 	dev = rte_cryptodev_pmd_create(name, &vdev->device, init_params);
 	if (dev == NULL) {
@@ -541,12 +541,6 @@ cryptodev_kasumi_create(const char *name,
 		goto init_error;
 	}
 
-	/* Check CPU for supported vector instruction set */
-	if (rte_cpu_get_flag_enabled(RTE_CPUFLAG_AVX))
-		cpu_flags |= RTE_CRYPTODEV_FF_CPU_AVX;
-	else
-		cpu_flags |= RTE_CRYPTODEV_FF_CPU_SSE;
-
 	dev->driver_id = cryptodev_driver_id;
 	dev->dev_ops = rte_kasumi_pmd_ops;
 
@@ -555,12 +549,24 @@ cryptodev_kasumi_create(const char *name,
 	dev->enqueue_burst = kasumi_pmd_enqueue_burst;
 
 	dev->feature_flags = RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO |
-			RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING |
-			cpu_flags;
+			RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING;
+
+	mgr = alloc_mb_mgr(0);
+	if (mgr == NULL)
+		return -ENOMEM;
+
+	if (rte_cpu_get_flag_enabled(RTE_CPUFLAG_AVX)) {
+		dev->feature_flags |= RTE_CRYPTODEV_FF_CPU_AVX;
+		init_mb_mgr_avx(mgr);
+	} else {
+		dev->feature_flags |= RTE_CRYPTODEV_FF_CPU_SSE;
+		init_mb_mgr_sse(mgr);
+	}
 
 	internals = dev->data->dev_private;
 
 	internals->max_nb_queue_pairs = init_params->max_nb_queue_pairs;
+	internals->mgr = mgr;
 
 	return 0;
 init_error:
@@ -598,6 +604,7 @@ cryptodev_kasumi_remove(struct rte_vdev_device *vdev)
 {
 	struct rte_cryptodev *cryptodev;
 	const char *name;
+	struct kasumi_private *internals;
 
 	name = rte_vdev_device_name(vdev);
 	if (name == NULL)
@@ -607,6 +614,10 @@ cryptodev_kasumi_remove(struct rte_vdev_device *vdev)
 	if (cryptodev == NULL)
 		return -ENODEV;
 
+	internals = cryptodev->data->dev_private;
+
+	free_mb_mgr(internals->mgr);
+
 	return rte_cryptodev_pmd_destroy(cryptodev);
 }
 
diff --git a/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c b/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c
index 5ce4953..55fbe00 100644
--- a/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c
+++ b/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c
@@ -195,6 +195,7 @@ kasumi_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 		int socket_id)
 {
 	struct kasumi_qp *qp = NULL;
+	struct kasumi_private *internals = dev->data->dev_private;
 
 	/* Free memory prior to re-allocation if needed. */
 	if (dev->data->queue_pairs[qp_id] != NULL)
@@ -217,6 +218,7 @@ kasumi_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 	if (qp->processed_ops == NULL)
 		goto qp_setup_cleanup;
 
+	qp->mgr = internals->mgr;
 	qp->sess_mp = qp_conf->mp_session;
 	qp->sess_mp_priv = qp_conf->mp_session_private;
 
@@ -246,13 +248,14 @@ kasumi_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 
 /** Configure a KASUMI session from a crypto xform chain */
 static int
-kasumi_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
+kasumi_pmd_sym_session_configure(struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
 		struct rte_cryptodev_sym_session *sess,
 		struct rte_mempool *mempool)
 {
 	void *sess_private_data;
 	int ret;
+	struct kasumi_private *internals = dev->data->dev_private;
 
 	if (unlikely(sess == NULL)) {
 		KASUMI_LOG(ERR, "invalid session struct");
@@ -265,7 +268,8 @@ kasumi_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 		return -ENOMEM;
 	}
 
-	ret = kasumi_set_session_parameters(sess_private_data, xform);
+	ret = kasumi_set_session_parameters(internals->mgr,
+					sess_private_data, xform);
 	if (ret != 0) {
 		KASUMI_LOG(ERR, "failed configure session parameters");
 
diff --git a/mk/rte.app.mk b/mk/rte.app.mk
index 62724cc..a8163f1 100644
--- a/mk/rte.app.mk
+++ b/mk/rte.app.mk
@@ -270,7 +270,7 @@ endif # CONFIG_RTE_LIBRTE_PMD_QAT
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_SNOW3G)      += -lrte_pmd_snow3g
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_SNOW3G)      += -L$(LIBSSO_SNOW3G_PATH)/build -lsso_snow3g
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_KASUMI)      += -lrte_pmd_kasumi
-_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_KASUMI)      += -L$(LIBSSO_KASUMI_PATH)/build -lsso_kasumi
+_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_KASUMI)      += -lIPSec_MB
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ZUC)         += -lrte_pmd_zuc
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ZUC)         += -lIPSec_MB
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ARMV8_CRYPTO)    += -lrte_pmd_armv8
-- 
2.7.5


^ permalink raw reply	[flat|nested] 21+ messages in thread

* [dpdk-dev] [PATCH v2 3/3] crypto/snow3g: use IPSec library
  2020-01-13 11:40 ` [dpdk-dev] [PATCH v2 0/3] Use Intel IPSec MB library in Wireless PMDs Pablo de Lara
  2020-01-13 11:40   ` [dpdk-dev] [PATCH v2 1/3] crypto/zuc: use IPSec library Pablo de Lara
  2020-01-13 11:40   ` [dpdk-dev] [PATCH v2 2/3] crypto/kasumi: " Pablo de Lara
@ 2020-01-13 11:40   ` Pablo de Lara
  2020-01-13 14:17   ` [dpdk-dev] [PATCH v2 0/3] Use Intel IPSec MB library in Wireless PMDs Ali Alnubani
  2020-01-16 11:41   ` [dpdk-dev] [PATCH v3 " Pablo de Lara
  4 siblings, 0 replies; 21+ messages in thread
From: Pablo de Lara @ 2020-01-13 11:40 UTC (permalink / raw)
  To: akhil.goyal, declan.doherty; +Cc: dev, Pablo de Lara

Link against Intel IPSec Multi-buffer library, which
added support for SNOW3G-UEA2 and SNOW3G-UIA2 from version v0.53,
moving from libSSO SNOW3G library.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 devtools/test-build.sh                     |  4 +-
 doc/guides/cryptodevs/snow3g.rst           | 58 +++++++++++---------
 doc/guides/rel_notes/release_20_02.rst     |  5 ++
 drivers/crypto/snow3g/Makefile             | 29 ++++++----
 drivers/crypto/snow3g/meson.build          | 21 ++++++--
 drivers/crypto/snow3g/rte_snow3g_pmd.c     | 85 ++++++++++++++++++------------
 drivers/crypto/snow3g/rte_snow3g_pmd_ops.c |  8 ++-
 drivers/crypto/snow3g/snow3g_pmd_private.h | 14 +++--
 mk/rte.app.mk                              |  2 +-
 9 files changed, 141 insertions(+), 85 deletions(-)

diff --git a/devtools/test-build.sh b/devtools/test-build.sh
index 56c744f..7bdd35e 100755
--- a/devtools/test-build.sh
+++ b/devtools/test-build.sh
@@ -27,7 +27,6 @@ default_path=$PATH
 # - DPDK_NOTIFY (notify-send)
 # - FLEXRAN_SDK
 # - LIBMUSDK_PATH
-# - LIBSSO_SNOW3G_PATH
 . $(dirname $(readlink -f $0))/load-devel-config
 
 print_usage () {
@@ -119,7 +118,6 @@ reset_env ()
 	unset ARMV8_CRYPTO_LIB_PATH
 	unset FLEXRAN_SDK
 	unset LIBMUSDK_PATH
-	unset LIBSSO_SNOW3G_PATH
 	unset PQOS_INSTALL_PATH
 }
 
@@ -183,7 +181,7 @@ config () # <directory> <target> <options>
 		sed -ri=""            's,(PMD_ZUC=)n,\1y,' $1/.config
 		test "$DPDK_DEP_IPSEC_MB" != y || \
 		sed -ri=""         's,(PMD_KASUMI=)n,\1y,' $1/.config
-		test -z "$LIBSSO_SNOW3G_PATH" || \
+		test "$DPDK_DEP_IPSEC_MB" != y || \
 		sed -ri=""         's,(PMD_SNOW3G=)n,\1y,' $1/.config
 		test "$DPDK_DEP_SSL" != y || \
 		sed -ri=""            's,(PMD_CCP=)n,\1y,' $1/.config
diff --git a/doc/guides/cryptodevs/snow3g.rst b/doc/guides/cryptodevs/snow3g.rst
index 7cba712..d45bcad 100644
--- a/doc/guides/cryptodevs/snow3g.rst
+++ b/doc/guides/cryptodevs/snow3g.rst
@@ -1,12 +1,12 @@
 ..  SPDX-License-Identifier: BSD-3-Clause
-    Copyright(c) 2016 Intel Corporation.
+    Copyright(c) 2016-2019 Intel Corporation.
 
 SNOW 3G Crypto Poll Mode Driver
 ===============================
 
-The SNOW 3G PMD (**librte_pmd_snow3g**) provides poll mode crypto driver
-support for utilizing Intel Libsso library, which implements F8 and F9 functions
-for SNOW 3G UEA2 cipher and UIA2 hash algorithms.
+The SNOW3G PMD (**librte_snow3g_zuc**) provides poll mode crypto driver support for
+utilizing `Intel IPSec Multi-buffer library <https://github.com/01org/intel-ipsec-mb>`_
+which implements F8 and F8 functions for SNOW 3G UEA2 cipher and UIA2 hash algorithms.
 
 Features
 --------
@@ -32,26 +32,33 @@ Limitations
 Installation
 ------------
 
-To build DPDK with the SNOW3G_PMD the user is required to download
-the export controlled ``libsso_snow3g`` library, by registering in
-`Intel Resource & Design Center <https://www.intel.com/content/www/us/en/design/resource-design-center.html>`_.
-Once approval has been granted, the user needs to search for
-*Snow3G F8 F9 3GPP cryptographic algorithms Software Library* to download the
-library or directly through this `link <https://cdrdv2.intel.com/v1/dl/getContent/575867>`_.
+To build DPDK with the SNOW3G_PMD the user is required to download the multi-buffer
+library from `here <https://github.com/01org/intel-ipsec-mb>`_
+and compile it on their user system before building DPDK.
+The latest version of the library supported by this PMD is v0.53, which
+can be downloaded from `<https://github.com/01org/intel-ipsec-mb/archive/v0.53.zip>`_.
+
 After downloading the library, the user needs to unpack and compile it
-on their system before building DPDK::
+on their system before building DPDK:
+
+.. code-block:: console
+
+    make
+    make install
 
-   make snow3G
+As a reference, the following table shows a mapping between the past DPDK versions
+and the external crypto libraries supported by them:
 
-**Note**: When encrypting with SNOW3G UEA2, by default the library
-encrypts blocks of 4 bytes, regardless the number of bytes to
-be encrypted provided (which leads to a possible buffer overflow).
-To avoid this situation, it is necessary not to pass
-3GPP_SAFE_BUFFERS as a compilation flag.
-For this, in the Makefile of the library, make sure that this flag
-is commented out.::
+.. _table_zuc_versions:
 
-  #EXTRA_CFLAGS  += -D_3GPP_SAFE_BUFFERS
+.. table:: DPDK and external crypto library version compatibility
+
+   =============  ================================
+   DPDK version   Crypto library version
+   =============  ================================
+   16.04 - 19.11  LibSSO SNOW3G
+   20.02+         Multi-buffer library 0.53
+   =============  ================================
 
 
 Initialization
@@ -59,12 +66,15 @@ Initialization
 
 In order to enable this virtual crypto PMD, user must:
 
-* Export the environmental variable LIBSSO_SNOW3G_PATH with the path where
-  the library was extracted (snow3g folder).
+* Build the multi buffer library (explained in Installation section).
+
+* Build DPDK as follows:
 
-* Build the LIBSSO_SNOW3G library (explained in Installation section).
+.. code-block:: console
 
-* Set CONFIG_RTE_LIBRTE_PMD_SNOW3G=y in config/common_base.
+	make config T=x86_64-native-linux-gcc
+	sed -i 's,\(CONFIG_RTE_LIBRTE_PMD_SNOW3G\)=n,\1=y,' build/.config
+	make
 
 To use the PMD in an application, user must:
 
diff --git a/doc/guides/rel_notes/release_20_02.rst b/doc/guides/rel_notes/release_20_02.rst
index a3f6154..2532b21 100644
--- a/doc/guides/rel_notes/release_20_02.rst
+++ b/doc/guides/rel_notes/release_20_02.rst
@@ -68,6 +68,11 @@ New Features
   * Transistioned underlying library from libSSO KASUMI to intel-ipsec-mb
     library (minimum version required 0.53).
 
+* **Updated the SNOW3G PMD.**
+
+  * Transistioned underlying library from libSSO SNOW3G to intel-ipsec-mb
+    library (minimum version required 0.53).
+
 
 Removed Items
 -------------
diff --git a/drivers/crypto/snow3g/Makefile b/drivers/crypto/snow3g/Makefile
index 4086c57..438119c 100644
--- a/drivers/crypto/snow3g/Makefile
+++ b/drivers/crypto/snow3g/Makefile
@@ -1,14 +1,8 @@
 # SPDX-License-Identifier: BSD-3-Clause
-# Copyright(c) 2016 Intel Corporation
+# Copyright(c) 2016-2019 Intel Corporation
 
 include $(RTE_SDK)/mk/rte.vars.mk
 
-ifneq ($(MAKECMDGOALS),clean)
-ifeq ($(LIBSSO_SNOW3G_PATH),)
-$(error "Please define LIBSSO_SNOW3G_PATH environment variable")
-endif
-endif
-
 # library name
 LIB = librte_pmd_snow3g.a
 
@@ -21,14 +15,27 @@ CFLAGS += -DALLOW_EXPERIMENTAL_API
 EXPORT_MAP := rte_pmd_snow3g_version.map
 
 # external library dependencies
-CFLAGS += -I$(LIBSSO_SNOW3G_PATH)
-CFLAGS += -I$(LIBSSO_SNOW3G_PATH)/include
-CFLAGS += -I$(LIBSSO_SNOW3G_PATH)/build
-LDLIBS += -L$(LIBSSO_SNOW3G_PATH)/build -lsso_snow3g
+LDLIBS += -lIPSec_MB
 LDLIBS += -lrte_eal -lrte_mbuf -lrte_mempool -lrte_ring
 LDLIBS += -lrte_cryptodev
 LDLIBS += -lrte_bus_vdev
 
+IMB_HDR = $(shell echo '\#include <intel-ipsec-mb.h>' | \
+	$(CC) -E $(EXTRA_CFLAGS) - | grep 'intel-ipsec-mb.h' | \
+	head -n1 | cut -d'"' -f2)
+
+# Detect library version
+IMB_VERSION = $(shell grep -e "IMB_VERSION_STR" $(IMB_HDR) | cut -d'"' -f2)
+IMB_VERSION_NUM = $(shell grep -e "IMB_VERSION_NUM" $(IMB_HDR) | cut -d' ' -f3)
+
+ifeq ($(IMB_VERSION),)
+$(error "IPSec_MB version >= 0.53 is required")
+endif
+
+ifeq ($(shell expr $(IMB_VERSION_NUM) \< 0x3400), 1)
+$(error "IPSec_MB version >= 0.53 is required")
+endif
+
 # library source files
 SRCS-$(CONFIG_RTE_LIBRTE_PMD_SNOW3G) += rte_snow3g_pmd.c
 SRCS-$(CONFIG_RTE_LIBRTE_PMD_SNOW3G) += rte_snow3g_pmd_ops.c
diff --git a/drivers/crypto/snow3g/meson.build b/drivers/crypto/snow3g/meson.build
index 0e8742a..e9497bd 100644
--- a/drivers/crypto/snow3g/meson.build
+++ b/drivers/crypto/snow3g/meson.build
@@ -1,11 +1,24 @@
 # SPDX-License-Identifier: BSD-3-Clause
 # Copyright(c) 2019 Intel Corporation
 
-lib = cc.find_library('sso_snow3g', required: false)
-if not lib.found() or not cc.has_header('sso_snow3g.h')
+IMB_required_ver = '0.53.0'
+lib = cc.find_library('IPSec_MB', required: false)
+if not lib.found()
 	build = false
-	reason = 'missing dependency, "libsso_snow3g"'
-	subdir_done()
+	reason = 'missing dependency, "libIPSec_MB"'
+else
+	ext_deps += lib
+
+	# version comes with quotes, so we split based on " and take the middle
+	imb_ver = cc.get_define('IMB_VERSION_STR',
+		prefix : '#include<intel-ipsec-mb.h>').split('"')[1]
+
+	if (imb_ver == '') or (imb_ver.version_compare('<' + IMB_required_ver))
+		message('IPSec_MB version >= @0@ is required, found version @1@'.format(
+				IMB_required_ver, imb_ver))
+		build = false
+	endif
+
 endif
 
 allow_experimental_apis = true
diff --git a/drivers/crypto/snow3g/rte_snow3g_pmd.c b/drivers/crypto/snow3g/rte_snow3g_pmd.c
index 9d07e1a..d72112b 100644
--- a/drivers/crypto/snow3g/rte_snow3g_pmd.c
+++ b/drivers/crypto/snow3g/rte_snow3g_pmd.c
@@ -53,7 +53,7 @@ snow3g_get_mode(const struct rte_crypto_sym_xform *xform)
 
 /** Parse crypto xform chain and set private session parameters. */
 int
-snow3g_set_session_parameters(struct snow3g_session *sess,
+snow3g_set_session_parameters(MB_MGR *mgr, struct snow3g_session *sess,
 		const struct rte_crypto_sym_xform *xform)
 {
 	const struct rte_crypto_sym_xform *auth_xform = NULL;
@@ -84,8 +84,6 @@ snow3g_set_session_parameters(struct snow3g_session *sess,
 	}
 
 	if (cipher_xform) {
-		uint8_t cipher_key[SNOW3G_MAX_KEY_SIZE];
-
 		/* Only SNOW 3G UEA2 supported */
 		if (cipher_xform->cipher.algo != RTE_CRYPTO_CIPHER_SNOW3G_UEA2)
 			return -ENOTSUP;
@@ -102,14 +100,11 @@ snow3g_set_session_parameters(struct snow3g_session *sess,
 		sess->cipher_iv_offset = cipher_xform->cipher.iv.offset;
 
 		/* Initialize key */
-		memcpy(cipher_key, cipher_xform->cipher.key.data,
-				cipher_xform->cipher.key.length);
-		sso_snow3g_init_key_sched(cipher_key, &sess->pKeySched_cipher);
+		IMB_SNOW3G_INIT_KEY_SCHED(mgr, cipher_xform->cipher.key.data,
+					&sess->pKeySched_cipher);
 	}
 
 	if (auth_xform) {
-		uint8_t auth_key[SNOW3G_MAX_KEY_SIZE];
-
 		/* Only SNOW 3G UIA2 supported */
 		if (auth_xform->auth.algo != RTE_CRYPTO_AUTH_SNOW3G_UIA2)
 			return -ENOTSUP;
@@ -132,12 +127,10 @@ snow3g_set_session_parameters(struct snow3g_session *sess,
 		sess->auth_iv_offset = auth_xform->auth.iv.offset;
 
 		/* Initialize key */
-		memcpy(auth_key, auth_xform->auth.key.data,
-				auth_xform->auth.key.length);
-		sso_snow3g_init_key_sched(auth_key, &sess->pKeySched_hash);
+		IMB_SNOW3G_INIT_KEY_SCHED(mgr, auth_xform->auth.key.data,
+					&sess->pKeySched_hash);
 	}
 
-
 	sess->op = mode;
 
 	return 0;
@@ -168,7 +161,7 @@ snow3g_get_session(struct snow3g_qp *qp, struct rte_crypto_op *op)
 
 		sess = (struct snow3g_session *)_sess_private_data;
 
-		if (unlikely(snow3g_set_session_parameters(sess,
+		if (unlikely(snow3g_set_session_parameters(qp->mgr, sess,
 				op->sym->xform) != 0)) {
 			rte_mempool_put(qp->sess_mp, _sess);
 			rte_mempool_put(qp->sess_mp_priv, _sess_private_data);
@@ -188,14 +181,15 @@ snow3g_get_session(struct snow3g_qp *qp, struct rte_crypto_op *op)
 
 /** Encrypt/decrypt mbufs with same cipher key. */
 static uint8_t
-process_snow3g_cipher_op(struct rte_crypto_op **ops,
+process_snow3g_cipher_op(struct snow3g_qp *qp, struct rte_crypto_op **ops,
 		struct snow3g_session *session,
 		uint8_t num_ops)
 {
 	unsigned i;
 	uint8_t processed_ops = 0;
-	uint8_t *src[SNOW3G_MAX_BURST], *dst[SNOW3G_MAX_BURST];
-	uint8_t *iv[SNOW3G_MAX_BURST];
+	const void *src[SNOW3G_MAX_BURST];
+	void *dst[SNOW3G_MAX_BURST];
+	const void *iv[SNOW3G_MAX_BURST];
 	uint32_t num_bytes[SNOW3G_MAX_BURST];
 
 	for (i = 0; i < num_ops; i++) {
@@ -213,15 +207,16 @@ process_snow3g_cipher_op(struct rte_crypto_op **ops,
 		processed_ops++;
 	}
 
-	sso_snow3g_f8_n_buffer(&session->pKeySched_cipher, iv, src, dst,
-			num_bytes, processed_ops);
+	IMB_SNOW3G_F8_N_BUFFER(qp->mgr, &session->pKeySched_cipher, iv,
+			src, dst, num_bytes, processed_ops);
 
 	return processed_ops;
 }
 
 /** Encrypt/decrypt mbuf (bit level function). */
 static uint8_t
-process_snow3g_cipher_op_bit(struct rte_crypto_op *op,
+process_snow3g_cipher_op_bit(struct snow3g_qp *qp,
+		struct rte_crypto_op *op,
 		struct snow3g_session *session)
 {
 	uint8_t *src, *dst;
@@ -240,7 +235,7 @@ process_snow3g_cipher_op_bit(struct rte_crypto_op *op,
 				session->cipher_iv_offset);
 	length_in_bits = op->sym->cipher.data.length;
 
-	sso_snow3g_f8_1_buffer_bit(&session->pKeySched_cipher, iv,
+	IMB_SNOW3G_F8_1_BUFFER_BIT(qp->mgr, &session->pKeySched_cipher, iv,
 			src, dst, length_in_bits, offset_in_bits);
 
 	return 1;
@@ -276,9 +271,9 @@ process_snow3g_hash_op(struct snow3g_qp *qp, struct rte_crypto_op **ops,
 		if (session->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) {
 			dst = qp->temp_digest;
 
-			sso_snow3g_f9_1_buffer(&session->pKeySched_hash,
-					iv, src,
-					length_in_bits,	dst);
+			IMB_SNOW3G_F9_1_BUFFER(qp->mgr,
+					&session->pKeySched_hash,
+					iv, src, length_in_bits, dst);
 			/* Verify digest. */
 			if (memcmp(dst, ops[i]->sym->auth.digest.data,
 					SNOW3G_DIGEST_LENGTH) != 0)
@@ -286,9 +281,9 @@ process_snow3g_hash_op(struct snow3g_qp *qp, struct rte_crypto_op **ops,
 		} else  {
 			dst = ops[i]->sym->auth.digest.data;
 
-			sso_snow3g_f9_1_buffer(&session->pKeySched_hash,
-					iv, src,
-					length_in_bits, dst);
+			IMB_SNOW3G_F9_1_BUFFER(qp->mgr,
+					&session->pKeySched_hash,
+					iv, src, length_in_bits, dst);
 		}
 		processed_ops++;
 	}
@@ -322,7 +317,7 @@ process_ops(struct rte_crypto_op **ops, struct snow3g_session *session,
 
 	switch (session->op) {
 	case SNOW3G_OP_ONLY_CIPHER:
-		processed_ops = process_snow3g_cipher_op(ops,
+		processed_ops = process_snow3g_cipher_op(qp, ops,
 				session, num_ops);
 		break;
 	case SNOW3G_OP_ONLY_AUTH:
@@ -330,14 +325,14 @@ process_ops(struct rte_crypto_op **ops, struct snow3g_session *session,
 				num_ops);
 		break;
 	case SNOW3G_OP_CIPHER_AUTH:
-		processed_ops = process_snow3g_cipher_op(ops, session,
+		processed_ops = process_snow3g_cipher_op(qp, ops, session,
 				num_ops);
 		process_snow3g_hash_op(qp, ops, session, processed_ops);
 		break;
 	case SNOW3G_OP_AUTH_CIPHER:
 		processed_ops = process_snow3g_hash_op(qp, ops, session,
 				num_ops);
-		process_snow3g_cipher_op(ops, session, processed_ops);
+		process_snow3g_cipher_op(qp, ops, session, processed_ops);
 		break;
 	default:
 		/* Operation not supported. */
@@ -380,21 +375,21 @@ process_op_bit(struct rte_crypto_op *op, struct snow3g_session *session,
 
 	switch (session->op) {
 	case SNOW3G_OP_ONLY_CIPHER:
-		processed_op = process_snow3g_cipher_op_bit(op,
+		processed_op = process_snow3g_cipher_op_bit(qp, op,
 				session);
 		break;
 	case SNOW3G_OP_ONLY_AUTH:
 		processed_op = process_snow3g_hash_op(qp, &op, session, 1);
 		break;
 	case SNOW3G_OP_CIPHER_AUTH:
-		processed_op = process_snow3g_cipher_op_bit(op, session);
+		processed_op = process_snow3g_cipher_op_bit(qp, op, session);
 		if (processed_op == 1)
 			process_snow3g_hash_op(qp, &op, session, 1);
 		break;
 	case SNOW3G_OP_AUTH_CIPHER:
 		processed_op = process_snow3g_hash_op(qp, &op, session, 1);
 		if (processed_op == 1)
-			process_snow3g_cipher_op_bit(op, session);
+			process_snow3g_cipher_op_bit(qp, op, session);
 		break;
 	default:
 		/* Operation not supported. */
@@ -550,7 +545,7 @@ cryptodev_snow3g_create(const char *name,
 {
 	struct rte_cryptodev *dev;
 	struct snow3g_private *internals;
-	uint64_t cpu_flags = RTE_CRYPTODEV_FF_CPU_SSE;
+	MB_MGR *mgr;
 
 	dev = rte_cryptodev_pmd_create(name, &vdev->device, init_params);
 	if (dev == NULL) {
@@ -566,10 +561,25 @@ cryptodev_snow3g_create(const char *name,
 	dev->enqueue_burst = snow3g_pmd_enqueue_burst;
 
 	dev->feature_flags = RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO |
-			RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING |
-			cpu_flags;
+			RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING;
+
+	mgr = alloc_mb_mgr(0);
+	if (mgr == NULL)
+		return -ENOMEM;
+
+	if (rte_cpu_get_flag_enabled(RTE_CPUFLAG_AVX2)) {
+		dev->feature_flags |= RTE_CRYPTODEV_FF_CPU_AVX2;
+		init_mb_mgr_avx2(mgr);
+	} else if (rte_cpu_get_flag_enabled(RTE_CPUFLAG_AVX)) {
+		dev->feature_flags |= RTE_CRYPTODEV_FF_CPU_AVX;
+		init_mb_mgr_avx(mgr);
+	} else {
+		dev->feature_flags |= RTE_CRYPTODEV_FF_CPU_SSE;
+		init_mb_mgr_sse(mgr);
+	}
 
 	internals = dev->data->dev_private;
+	internals->mgr = mgr;
 
 	internals->max_nb_queue_pairs = init_params->max_nb_queue_pairs;
 
@@ -609,6 +619,7 @@ cryptodev_snow3g_remove(struct rte_vdev_device *vdev)
 {
 	struct rte_cryptodev *cryptodev;
 	const char *name;
+	struct snow3g_private *internals;
 
 	name = rte_vdev_device_name(vdev);
 	if (name == NULL)
@@ -618,6 +629,10 @@ cryptodev_snow3g_remove(struct rte_vdev_device *vdev)
 	if (cryptodev == NULL)
 		return -ENODEV;
 
+	internals = cryptodev->data->dev_private;
+
+	free_mb_mgr(internals->mgr);
+
 	return rte_cryptodev_pmd_destroy(cryptodev);
 }
 
diff --git a/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c b/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c
index 8778f28..ea76637 100644
--- a/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c
+++ b/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c
@@ -201,6 +201,7 @@ snow3g_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 		int socket_id)
 {
 	struct snow3g_qp *qp = NULL;
+	struct snow3g_private *internals = dev->data->dev_private;
 
 	/* Free memory prior to re-allocation if needed. */
 	if (dev->data->queue_pairs[qp_id] != NULL)
@@ -223,6 +224,7 @@ snow3g_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 	if (qp->processed_ops == NULL)
 		goto qp_setup_cleanup;
 
+	qp->mgr = internals->mgr;
 	qp->sess_mp = qp_conf->mp_session;
 	qp->sess_mp_priv = qp_conf->mp_session_private;
 
@@ -253,13 +255,14 @@ snow3g_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 
 /** Configure a SNOW 3G session from a crypto xform chain */
 static int
-snow3g_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
+snow3g_pmd_sym_session_configure(struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
 		struct rte_cryptodev_sym_session *sess,
 		struct rte_mempool *mempool)
 {
 	void *sess_private_data;
 	int ret;
+	struct snow3g_private *internals = dev->data->dev_private;
 
 	if (unlikely(sess == NULL)) {
 		SNOW3G_LOG(ERR, "invalid session struct");
@@ -272,7 +275,8 @@ snow3g_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 		return -ENOMEM;
 	}
 
-	ret = snow3g_set_session_parameters(sess_private_data, xform);
+	ret = snow3g_set_session_parameters(internals->mgr,
+					sess_private_data, xform);
 	if (ret != 0) {
 		SNOW3G_LOG(ERR, "failed configure session parameters");
 
diff --git a/drivers/crypto/snow3g/snow3g_pmd_private.h b/drivers/crypto/snow3g/snow3g_pmd_private.h
index 1fe05eb..2074f3d 100644
--- a/drivers/crypto/snow3g/snow3g_pmd_private.h
+++ b/drivers/crypto/snow3g/snow3g_pmd_private.h
@@ -1,11 +1,11 @@
 /* SPDX-License-Identifier: BSD-3-Clause
- * Copyright(c) 2016-2018 Intel Corporation
+ * Copyright(c) 2016-2019 Intel Corporation
  */
 
 #ifndef _SNOW3G_PMD_PRIVATE_H_
 #define _SNOW3G_PMD_PRIVATE_H_
 
-#include <sso_snow3g.h>
+#include <intel-ipsec-mb.h>
 
 #define CRYPTODEV_NAME_SNOW3G_PMD	crypto_snow3g
 /**< SNOW 3G PMD device name */
@@ -25,6 +25,8 @@ int snow3g_logtype_driver;
 struct snow3g_private {
 	unsigned max_nb_queue_pairs;
 	/**< Max number of queue pairs supported by device */
+	MB_MGR *mgr;
+	/**< Multi-buffer instance */
 };
 
 /** SNOW 3G buffer queue pair */
@@ -46,6 +48,8 @@ struct snow3g_qp {
 	 * by the driver when verifying a digest provided
 	 * by the user (using authentication verify operation)
 	 */
+	MB_MGR *mgr;
+	/**< Multi-buffer instance */
 } __rte_cache_aligned;
 
 enum snow3g_operation {
@@ -60,15 +64,15 @@ enum snow3g_operation {
 struct snow3g_session {
 	enum snow3g_operation op;
 	enum rte_crypto_auth_operation auth_op;
-	sso_snow3g_key_schedule_t pKeySched_cipher;
-	sso_snow3g_key_schedule_t pKeySched_hash;
+	snow3g_key_schedule_t pKeySched_cipher;
+	snow3g_key_schedule_t pKeySched_hash;
 	uint16_t cipher_iv_offset;
 	uint16_t auth_iv_offset;
 } __rte_cache_aligned;
 
 
 extern int
-snow3g_set_session_parameters(struct snow3g_session *sess,
+snow3g_set_session_parameters(MB_MGR *mgr, struct snow3g_session *sess,
 		const struct rte_crypto_sym_xform *xform);
 
 
diff --git a/mk/rte.app.mk b/mk/rte.app.mk
index a8163f1..8bf6b3d 100644
--- a/mk/rte.app.mk
+++ b/mk/rte.app.mk
@@ -268,7 +268,7 @@ _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_QAT_SYM)     += -lrte_pmd_qat -lcrypto
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_QAT_ASYM)    += -lrte_pmd_qat -lcrypto
 endif # CONFIG_RTE_LIBRTE_PMD_QAT
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_SNOW3G)      += -lrte_pmd_snow3g
-_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_SNOW3G)      += -L$(LIBSSO_SNOW3G_PATH)/build -lsso_snow3g
+_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_SNOW3G)      += -lIPSec_MB
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_KASUMI)      += -lrte_pmd_kasumi
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_KASUMI)      += -lIPSec_MB
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ZUC)         += -lrte_pmd_zuc
-- 
2.7.5


^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: [dpdk-dev] [PATCH v2 1/3] crypto/zuc: use IPSec library
  2020-01-13 11:40   ` [dpdk-dev] [PATCH v2 1/3] crypto/zuc: use IPSec library Pablo de Lara
@ 2020-01-13 12:45     ` Bruce Richardson
  2020-01-13 12:46       ` Bruce Richardson
  0 siblings, 1 reply; 21+ messages in thread
From: Bruce Richardson @ 2020-01-13 12:45 UTC (permalink / raw)
  To: Pablo de Lara; +Cc: akhil.goyal, declan.doherty, dev

On Mon, Jan 13, 2020 at 11:40:23AM +0000, Pablo de Lara wrote:
> Link against Intel IPSec Multi-buffer library, which
> added support for ZUC-EEA3 and ZUC-EIA3 from version v0.53,
> moving from libSSO ZUC library.
> 
> Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
> ---
>  devtools/test-build.sh                 |  6 ++--
>  doc/guides/cryptodevs/zuc.rst          | 52 ++++++++++++++++++++--------------
>  doc/guides/rel_notes/release_20_02.rst |  7 +++++
>  drivers/crypto/zuc/Makefile            | 28 +++++++++++-------
>  drivers/crypto/zuc/meson.build         | 24 ++++++++++++----
>  drivers/crypto/zuc/rte_zuc_pmd.c       | 51 ++++++++++++++++++++++++---------
>  drivers/crypto/zuc/rte_zuc_pmd_ops.c   |  2 ++
>  drivers/crypto/zuc/zuc_pmd_private.h   |  6 +++-
>  mk/rte.app.mk                          |  2 +-
>  9 files changed, 120 insertions(+), 58 deletions(-)
> 

<snip>

> diff --git a/drivers/crypto/zuc/meson.build b/drivers/crypto/zuc/meson.build
> index b231de0..b7098a3 100644
> --- a/drivers/crypto/zuc/meson.build
> +++ b/drivers/crypto/zuc/meson.build
> @@ -1,14 +1,26 @@
>  # SPDX-License-Identifier: BSD-3-Clause
> -# Copyright(c) 2018 Intel Corporation
> +# Copyright(c) 2018-2019 Intel Corporation
>  
> -lib = cc.find_library('sso_zuc', required: false)
> -if not lib.found() or not cc.has_header('sso_zuc.h')
> +IMB_required_ver = '0.53.0'
> +lib = cc.find_library('IPSec_MB', required: false)
> +if not lib.found()
>  	build = false
> -	reason = 'missing dependency, "libsso_zuc"'
> -	subdir_done()
> +	reason = 'missing dependency, "libIPSec_MB"'
> +else
> +	ext_deps += lib
> +
> +	# version comes with quotes, so we split based on " and take the middle
> +	imb_ver = cc.get_define('IMB_VERSION_STR',
> +		prefix : '#include<intel-ipsec-mb.h>').split('"')[1]
> +
> +	if (imb_ver == '') or (imb_ver.version_compare('<' + IMB_required_ver))
> +		message('IPSec_MB version >= @0@ is required, found version @1@'.format(
> +				IMB_required_ver, imb_ver))
> +		build = false

Rather than/As well as printing a message here, you also need to provide a
reason when setting build = false, so the summary at the end can report why
the driver is not being built.

> +	endif
> +
>  endif
>  
>  allow_experimental_apis = true
> -ext_deps += lib

If you drop the line after the else above, you can keep this line and
shrink the diff by 2 lines. :-)

/Bruce

^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: [dpdk-dev] [PATCH v2 1/3] crypto/zuc: use IPSec library
  2020-01-13 12:45     ` Bruce Richardson
@ 2020-01-13 12:46       ` Bruce Richardson
  0 siblings, 0 replies; 21+ messages in thread
From: Bruce Richardson @ 2020-01-13 12:46 UTC (permalink / raw)
  To: Pablo de Lara; +Cc: akhil.goyal, declan.doherty, dev

On Mon, Jan 13, 2020 at 12:45:14PM +0000, Bruce Richardson wrote:
> On Mon, Jan 13, 2020 at 11:40:23AM +0000, Pablo de Lara wrote:
> > Link against Intel IPSec Multi-buffer library, which
> > added support for ZUC-EEA3 and ZUC-EIA3 from version v0.53,
> > moving from libSSO ZUC library.
> > 
> > Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
> > ---
> >  devtools/test-build.sh                 |  6 ++--
> >  doc/guides/cryptodevs/zuc.rst          | 52 ++++++++++++++++++++--------------
> >  doc/guides/rel_notes/release_20_02.rst |  7 +++++
> >  drivers/crypto/zuc/Makefile            | 28 +++++++++++-------
> >  drivers/crypto/zuc/meson.build         | 24 ++++++++++++----
> >  drivers/crypto/zuc/rte_zuc_pmd.c       | 51 ++++++++++++++++++++++++---------
> >  drivers/crypto/zuc/rte_zuc_pmd_ops.c   |  2 ++
> >  drivers/crypto/zuc/zuc_pmd_private.h   |  6 +++-
> >  mk/rte.app.mk                          |  2 +-
> >  9 files changed, 120 insertions(+), 58 deletions(-)
> > 
> 
> <snip>
> 
> > diff --git a/drivers/crypto/zuc/meson.build b/drivers/crypto/zuc/meson.build
> > index b231de0..b7098a3 100644
> > --- a/drivers/crypto/zuc/meson.build
> > +++ b/drivers/crypto/zuc/meson.build
> > @@ -1,14 +1,26 @@
> >  # SPDX-License-Identifier: BSD-3-Clause
> > -# Copyright(c) 2018 Intel Corporation
> > +# Copyright(c) 2018-2019 Intel Corporation
> >  
> > -lib = cc.find_library('sso_zuc', required: false)
> > -if not lib.found() or not cc.has_header('sso_zuc.h')
> > +IMB_required_ver = '0.53.0'
> > +lib = cc.find_library('IPSec_MB', required: false)
> > +if not lib.found()
> >  	build = false
> > -	reason = 'missing dependency, "libsso_zuc"'
> > -	subdir_done()
> > +	reason = 'missing dependency, "libIPSec_MB"'
> > +else
> > +	ext_deps += lib
> > +
> > +	# version comes with quotes, so we split based on " and take the middle
> > +	imb_ver = cc.get_define('IMB_VERSION_STR',
> > +		prefix : '#include<intel-ipsec-mb.h>').split('"')[1]
> > +
> > +	if (imb_ver == '') or (imb_ver.version_compare('<' + IMB_required_ver))
> > +		message('IPSec_MB version >= @0@ is required, found version @1@'.format(
> > +				IMB_required_ver, imb_ver))
> > +		build = false
> 
> Rather than/As well as printing a message here, you also need to provide a
> reason when setting build = false, so the summary at the end can report why
> the driver is not being built.
> 
> > +	endif
> > +
> >  endif
> >  
> >  allow_experimental_apis = true
> > -ext_deps += lib
> 
> If you drop the line after the else above, you can keep this line and
> shrink the diff by 2 lines. :-)
> 
> /Bruce

BTW: Same comments apply to other two patches in the set.

/Bruce

^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: [dpdk-dev] [PATCH v2 0/3] Use Intel IPSec MB library in Wireless PMDs
  2020-01-13 11:40 ` [dpdk-dev] [PATCH v2 0/3] Use Intel IPSec MB library in Wireless PMDs Pablo de Lara
                     ` (2 preceding siblings ...)
  2020-01-13 11:40   ` [dpdk-dev] [PATCH v2 3/3] crypto/snow3g: " Pablo de Lara
@ 2020-01-13 14:17   ` Ali Alnubani
  2020-01-16  8:36     ` De Lara Guarch, Pablo
  2020-01-16 11:41   ` [dpdk-dev] [PATCH v3 " Pablo de Lara
  4 siblings, 1 reply; 21+ messages in thread
From: Ali Alnubani @ 2020-01-13 14:17 UTC (permalink / raw)
  To: Pablo de Lara, akhil.goyal, declan.doherty; +Cc: dev

Hi,

> -----Original Message-----
> From: dev <dev-bounces@dpdk.org> On Behalf Of Pablo de Lara
> Sent: Monday, January 13, 2020 1:40 PM
> To: akhil.goyal@nxp.com; declan.doherty@intel.com
> Cc: dev@dpdk.org; Pablo de Lara <pablo.de.lara.guarch@intel.com>
> Subject: [dpdk-dev] [PATCH v2 0/3] Use Intel IPSec MB library in Wireless
> PMDs
> 
> The three Intel SW Crypto PMDs supporting SNOW3G, ZUC and KASUMI link
> against libSSO libraries.
> The Intel IPSec Multi-buffer library recently integrated the code from these
> libraries, in version v0.53.
> This library can be downloaded from
<removed>
> 
> KASUMI, SNOW3G and ZUC PMDs have been modified to use this single
> library, which is already used in the AESNI MB and AESNI GCM PMDs,
> reducing the number of external dependencies in the crypto PMDs.
> 
> Changes in v2:
> - Updated ZUC PMD to support future AVX512 and AVX2 implementations.
> 
> Pablo de Lara (3):
>   crypto/zuc: use IPSec library
>   crypto/kasumi: use IPSec library
>   crypto/snow3g: use IPSec library
> 
>  devtools/test-build.sh                     | 16 ++----
>  doc/guides/cryptodevs/kasumi.rst           | 62 ++++++++++++----------
>  doc/guides/cryptodevs/snow3g.rst           | 58 +++++++++++---------
>  doc/guides/cryptodevs/zuc.rst              | 52 ++++++++++--------
>  doc/guides/rel_notes/release_20_02.rst     | 17 ++++++
>  drivers/crypto/kasumi/Makefile             | 26 +++++----
>  drivers/crypto/kasumi/kasumi_pmd_private.h | 12 +++--
>  drivers/crypto/kasumi/meson.build          | 24 ++++++---
>  drivers/crypto/kasumi/rte_kasumi_pmd.c     | 79 +++++++++++++++---------
> ---
>  drivers/crypto/kasumi/rte_kasumi_pmd_ops.c |  8 ++-
>  drivers/crypto/snow3g/Makefile             | 29 ++++++----
>  drivers/crypto/snow3g/meson.build          | 21 ++++++--
>  drivers/crypto/snow3g/rte_snow3g_pmd.c     | 85 ++++++++++++++++++---
> ---------
>  drivers/crypto/snow3g/rte_snow3g_pmd_ops.c |  8 ++-
> drivers/crypto/snow3g/snow3g_pmd_private.h | 14 +++--
>  drivers/crypto/zuc/Makefile                | 28 ++++++----
>  drivers/crypto/zuc/meson.build             | 24 ++++++---
>  drivers/crypto/zuc/rte_zuc_pmd.c           | 51 +++++++++++++-----
>  drivers/crypto/zuc/rte_zuc_pmd_ops.c       |  2 +
>  drivers/crypto/zuc/zuc_pmd_private.h       |  6 ++-
>  mk/rte.app.mk                              |  6 +--
>  21 files changed, 395 insertions(+), 233 deletions(-)
> 
> --
> 2.7.5

I see the following build failure when applying the patchset:
"""
../../root/dpdk/drivers/crypto/zuc/rte_zuc_pmd.c:225:51: error: cast from 'uint8_t **' (aka 'unsigned char **') to 'const void **' must have all intermediate pointers const qualified to be safe [-Werror,-Wcast-qual]
        IMB_ZUC_EEA3_N_BUFFER(qp->mb_mgr, (const void **)cipher_keys,
                                                         ^
../../root/dpdk/drivers/crypto/zuc/rte_zuc_pmd.c:226:19: error: cast from 'uint8_t **' (aka 'unsigned char **') to 'const void **' must have all intermediate pointers const qualified to be safe [-Werror,-Wcast-qual]
                        (const void **)iv, (const void **)src, (void **)dst,
                                       ^
../../root/dpdk/drivers/crypto/zuc/rte_zuc_pmd.c:226:38: error: cast from 'uint8_t **' (aka 'unsigned char **') to 'const void **' must have all intermediate pointers const qualified to be safe [-Werror,-Wcast-qual]
                        (const void **)iv, (const void **)src, (void **)dst,
                                                          ^
3 errors generated.
"""

It reproduces with meson on Fedora 31 and clang (version 9.0.0).
I'm using intel-ipsec-mb version 0.53.

Regards,
Ali

^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: [dpdk-dev] [PATCH v2 0/3] Use Intel IPSec MB library in Wireless PMDs
  2020-01-13 14:17   ` [dpdk-dev] [PATCH v2 0/3] Use Intel IPSec MB library in Wireless PMDs Ali Alnubani
@ 2020-01-16  8:36     ` De Lara Guarch, Pablo
  0 siblings, 0 replies; 21+ messages in thread
From: De Lara Guarch, Pablo @ 2020-01-16  8:36 UTC (permalink / raw)
  To: Ali Alnubani, akhil.goyal, Doherty, Declan; +Cc: dev

Hi,

> -----Original Message-----
> From: Ali Alnubani <alialnu@mellanox.com>
> Sent: Monday, January 13, 2020 2:18 PM
> To: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>;
> akhil.goyal@nxp.com; Doherty, Declan <declan.doherty@intel.com>
> Cc: dev@dpdk.org
> Subject: RE: [dpdk-dev] [PATCH v2 0/3] Use Intel IPSec MB library in Wireless
> PMDs
> 
> Hi,
> 
> > -----Original Message-----
> > From: dev <dev-bounces@dpdk.org> On Behalf Of Pablo de Lara
> > Sent: Monday, January 13, 2020 1:40 PM
> > To: akhil.goyal@nxp.com; declan.doherty@intel.com
> > Cc: dev@dpdk.org; Pablo de Lara <pablo.de.lara.guarch@intel.com>
> > Subject: [dpdk-dev] [PATCH v2 0/3] Use Intel IPSec MB library in
> > Wireless PMDs
> >
> > The three Intel SW Crypto PMDs supporting SNOW3G, ZUC and KASUMI link
> > against libSSO libraries.
> > The Intel IPSec Multi-buffer library recently integrated the code from
> > these libraries, in version v0.53.
> > This library can be downloaded from
> <removed>
> >
> > KASUMI, SNOW3G and ZUC PMDs have been modified to use this single
> > library, which is already used in the AESNI MB and AESNI GCM PMDs,
> > reducing the number of external dependencies in the crypto PMDs.
> >
> > Changes in v2:
> > - Updated ZUC PMD to support future AVX512 and AVX2 implementations.
> >
> > Pablo de Lara (3):
> >   crypto/zuc: use IPSec library
> >   crypto/kasumi: use IPSec library
> >   crypto/snow3g: use IPSec library
> >
> >  devtools/test-build.sh                     | 16 ++----
> >  doc/guides/cryptodevs/kasumi.rst           | 62 ++++++++++++----------
> >  doc/guides/cryptodevs/snow3g.rst           | 58 +++++++++++---------
> >  doc/guides/cryptodevs/zuc.rst              | 52 ++++++++++--------
> >  doc/guides/rel_notes/release_20_02.rst     | 17 ++++++
> >  drivers/crypto/kasumi/Makefile             | 26 +++++----
> >  drivers/crypto/kasumi/kasumi_pmd_private.h | 12 +++--
> >  drivers/crypto/kasumi/meson.build          | 24 ++++++---
> >  drivers/crypto/kasumi/rte_kasumi_pmd.c     | 79 +++++++++++++++---------
> > ---
> >  drivers/crypto/kasumi/rte_kasumi_pmd_ops.c |  8 ++-
> >  drivers/crypto/snow3g/Makefile             | 29 ++++++----
> >  drivers/crypto/snow3g/meson.build          | 21 ++++++--
> >  drivers/crypto/snow3g/rte_snow3g_pmd.c     | 85 ++++++++++++++++++---
> > ---------
> >  drivers/crypto/snow3g/rte_snow3g_pmd_ops.c |  8 ++-
> > drivers/crypto/snow3g/snow3g_pmd_private.h | 14 +++--
> >  drivers/crypto/zuc/Makefile                | 28 ++++++----
> >  drivers/crypto/zuc/meson.build             | 24 ++++++---
> >  drivers/crypto/zuc/rte_zuc_pmd.c           | 51 +++++++++++++-----
> >  drivers/crypto/zuc/rte_zuc_pmd_ops.c       |  2 +
> >  drivers/crypto/zuc/zuc_pmd_private.h       |  6 ++-
> >  mk/rte.app.mk                              |  6 +--
> >  21 files changed, 395 insertions(+), 233 deletions(-)
> >
> > --
> > 2.7.5
> 
> I see the following build failure when applying the patchset:
> """
> ../../root/dpdk/drivers/crypto/zuc/rte_zuc_pmd.c:225:51: error: cast from
> 'uint8_t **' (aka 'unsigned char **') to 'const void **' must have all intermediate
> pointers const qualified to be safe [-Werror,-Wcast-qual]
>         IMB_ZUC_EEA3_N_BUFFER(qp->mb_mgr, (const void **)cipher_keys,
>                                                          ^
> ../../root/dpdk/drivers/crypto/zuc/rte_zuc_pmd.c:226:19: error: cast from
> 'uint8_t **' (aka 'unsigned char **') to 'const void **' must have all intermediate
> pointers const qualified to be safe [-Werror,-Wcast-qual]
>                         (const void **)iv, (const void **)src, (void **)dst,
>                                        ^
> ../../root/dpdk/drivers/crypto/zuc/rte_zuc_pmd.c:226:38: error: cast from
> 'uint8_t **' (aka 'unsigned char **') to 'const void **' must have all intermediate
> pointers const qualified to be safe [-Werror,-Wcast-qual]
>                         (const void **)iv, (const void **)src, (void **)dst,
>                                                           ^
> 3 errors generated.
> """
> 
> It reproduces with meson on Fedora 31 and clang (version 9.0.0).
> I'm using intel-ipsec-mb version 0.53.

Thanks for reporting this issue. By the time I sent the patchset, I saw no compilation errors.
Will send a v3 fixing this and addressing Bruce's comments.

Thanks,
Pablo

> 
> Regards,
> Ali

^ permalink raw reply	[flat|nested] 21+ messages in thread

* [dpdk-dev] [PATCH v3 0/3] Use Intel IPSec MB library in Wireless PMDs
  2020-01-13 11:40 ` [dpdk-dev] [PATCH v2 0/3] Use Intel IPSec MB library in Wireless PMDs Pablo de Lara
                     ` (3 preceding siblings ...)
  2020-01-13 14:17   ` [dpdk-dev] [PATCH v2 0/3] Use Intel IPSec MB library in Wireless PMDs Ali Alnubani
@ 2020-01-16 11:41   ` Pablo de Lara
  2020-01-16 11:41     ` [dpdk-dev] [PATCH v3 1/3] crypto/zuc: use IPSec library Pablo de Lara
                       ` (3 more replies)
  4 siblings, 4 replies; 21+ messages in thread
From: Pablo de Lara @ 2020-01-16 11:41 UTC (permalink / raw)
  To: akhil.goyal, declan.doherty, bruce.richardson; +Cc: dev, Pablo de Lara

The three Intel SW Crypto PMDs supporting SNOW3G, ZUC and KASUMI link against libSSO libraries.
The Intel IPSec Multi-buffer library recently integrated the code from these libraries, in version v0.53.
This library can be downloaded from https://github.com/intel/intel-ipsec-mb.

KASUMI, SNOW3G and ZUC PMDs have been modified to use this single library,
which is already used in the AESNI MB and AESNI GCM PMDs,
reducing the number of external dependencies in the crypto PMDs.

Changes in v3:
- Fixed clang compilation
- Added reason field in meson config files

Changes in v2:
- Updated ZUC PMD to support future AVX512 and AVX2 implementations.

Pablo de Lara (3):
  crypto/zuc: use IPSec library
  crypto/kasumi: use IPSec library
  crypto/snow3g: use IPSec library

 devtools/test-build.sh                     | 16 ++----
 doc/guides/cryptodevs/kasumi.rst           | 62 ++++++++++++----------
 doc/guides/cryptodevs/snow3g.rst           | 58 +++++++++++---------
 doc/guides/cryptodevs/zuc.rst              | 52 ++++++++++--------
 doc/guides/rel_notes/release_20_02.rst     | 17 ++++++
 drivers/crypto/kasumi/Makefile             | 26 +++++----
 drivers/crypto/kasumi/kasumi_pmd_private.h | 12 +++--
 drivers/crypto/kasumi/meson.build          | 21 ++++++--
 drivers/crypto/kasumi/rte_kasumi_pmd.c     | 79 +++++++++++++++------------
 drivers/crypto/kasumi/rte_kasumi_pmd_ops.c |  8 ++-
 drivers/crypto/snow3g/Makefile             | 29 ++++++----
 drivers/crypto/snow3g/meson.build          | 21 ++++++--
 drivers/crypto/snow3g/rte_snow3g_pmd.c     | 85 ++++++++++++++++++------------
 drivers/crypto/snow3g/rte_snow3g_pmd_ops.c |  8 ++-
 drivers/crypto/snow3g/snow3g_pmd_private.h | 14 +++--
 drivers/crypto/zuc/Makefile                | 28 ++++++----
 drivers/crypto/zuc/meson.build             | 21 ++++++--
 drivers/crypto/zuc/rte_zuc_pmd.c           | 58 ++++++++++++++------
 drivers/crypto/zuc/rte_zuc_pmd_ops.c       |  2 +
 drivers/crypto/zuc/zuc_pmd_private.h       |  6 ++-
 mk/rte.app.mk                              |  6 +--
 21 files changed, 394 insertions(+), 235 deletions(-)

-- 
2.7.5


^ permalink raw reply	[flat|nested] 21+ messages in thread

* [dpdk-dev] [PATCH v3 1/3] crypto/zuc: use IPSec library
  2020-01-16 11:41   ` [dpdk-dev] [PATCH v3 " Pablo de Lara
@ 2020-01-16 11:41     ` Pablo de Lara
  2020-01-16 11:41     ` [dpdk-dev] [PATCH v3 2/3] crypto/kasumi: " Pablo de Lara
                       ` (2 subsequent siblings)
  3 siblings, 0 replies; 21+ messages in thread
From: Pablo de Lara @ 2020-01-16 11:41 UTC (permalink / raw)
  To: akhil.goyal, declan.doherty, bruce.richardson; +Cc: dev, Pablo de Lara

Link against Intel IPSec Multi-buffer library, which
added support for ZUC-EEA3 and ZUC-EIA3 from version v0.53,
moving from libSSO ZUC library.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 devtools/test-build.sh                 |  6 ++--
 doc/guides/cryptodevs/zuc.rst          | 52 ++++++++++++++++++------------
 doc/guides/rel_notes/release_20_02.rst |  7 ++++
 drivers/crypto/zuc/Makefile            | 28 +++++++++-------
 drivers/crypto/zuc/meson.build         | 21 +++++++++---
 drivers/crypto/zuc/rte_zuc_pmd.c       | 58 ++++++++++++++++++++++++----------
 drivers/crypto/zuc/rte_zuc_pmd_ops.c   |  2 ++
 drivers/crypto/zuc/zuc_pmd_private.h   |  6 +++-
 mk/rte.app.mk                          |  2 +-
 9 files changed, 122 insertions(+), 60 deletions(-)

diff --git a/devtools/test-build.sh b/devtools/test-build.sh
index be565a1..afa0748 100755
--- a/devtools/test-build.sh
+++ b/devtools/test-build.sh
@@ -29,7 +29,6 @@ default_path=$PATH
 # - LIBMUSDK_PATH
 # - LIBSSO_SNOW3G_PATH
 # - LIBSSO_KASUMI_PATH
-# - LIBSSO_ZUC_PATH
 . $(dirname $(readlink -f $0))/load-devel-config
 
 print_usage () {
@@ -123,7 +122,6 @@ reset_env ()
 	unset LIBMUSDK_PATH
 	unset LIBSSO_SNOW3G_PATH
 	unset LIBSSO_KASUMI_PATH
-	unset LIBSSO_ZUC_PATH
 	unset PQOS_INSTALL_PATH
 }
 
@@ -183,12 +181,12 @@ config () # <directory> <target> <options>
 		sed -ri=""       's,(PMD_AESNI_MB=)n,\1y,' $1/.config
 		test "$DPDK_DEP_IPSEC_MB" != y || \
 		sed -ri=""      's,(PMD_AESNI_GCM=)n,\1y,' $1/.config
+		test "$DPDK_DEP_IPSEC_MB" != y || \
+		sed -ri=""            's,(PMD_ZUC=)n,\1y,' $1/.config
 		test -z "$LIBSSO_SNOW3G_PATH" || \
 		sed -ri=""         's,(PMD_SNOW3G=)n,\1y,' $1/.config
 		test -z "$LIBSSO_KASUMI_PATH" || \
 		sed -ri=""         's,(PMD_KASUMI=)n,\1y,' $1/.config
-		test -z "$LIBSSO_ZUC_PATH" || \
-		sed -ri=""            's,(PMD_ZUC=)n,\1y,' $1/.config
 		test "$DPDK_DEP_SSL" != y || \
 		sed -ri=""            's,(PMD_CCP=)n,\1y,' $1/.config
 		test "$DPDK_DEP_SSL" != y || \
diff --git a/doc/guides/cryptodevs/zuc.rst b/doc/guides/cryptodevs/zuc.rst
index 002e986..23d618d 100644
--- a/doc/guides/cryptodevs/zuc.rst
+++ b/doc/guides/cryptodevs/zuc.rst
@@ -1,12 +1,12 @@
 ..  SPDX-License-Identifier: BSD-3-Clause
-    Copyright(c) 2016 Intel Corporation.
+    Copyright(c) 2016-2019 Intel Corporation.
 
 ZUC Crypto Poll Mode Driver
 ===========================
 
-The ZUC PMD (**librte_pmd_zuc**) provides poll mode crypto driver
-support for utilizing Intel Libsso library, which implements F8 and F9 functions
-for ZUC EEA3 cipher and EIA3 hash algorithms.
+The ZUC PMD (**librte_pmd_zuc**) provides poll mode crypto driver support for
+utilizing `Intel IPSec Multi-buffer library <https://github.com/01org/intel-ipsec-mb>`_
+which implements F8 and F9 functions for ZUC EEA3 cipher and EIA3 hash algorithms.
 
 Features
 --------
@@ -27,36 +27,46 @@ Limitations
 * Chained mbufs are not supported.
 * ZUC (EIA3) supported only if hash offset field is byte-aligned.
 * ZUC (EEA3) supported only if cipher length, cipher offset fields are byte-aligned.
-* ZUC PMD cannot be built as a shared library, due to limitations in
-  the underlying library.
 
 
 Installation
 ------------
 
-To build DPDK with the ZUC_PMD the user is required to download
-the export controlled ``libsso_zuc`` library, by registering in
-`Intel Resource & Design Center <https://www.intel.com/content/www/us/en/design/resource-design-center.html>`_.
-Once approval has been granted, the user needs to search for
-*ZUC 128-EAA3 and 128-EIA3 3GPP cryptographic algorithms Software Library* to download the
-library or directly through this `link <https://cdrdv2.intel.com/v1/dl/getContent/575868>`_.
+To build DPDK with the ZUC_PMD the user is required to download the multi-buffer
+library from `here <https://github.com/01org/intel-ipsec-mb>`_
+and compile it on their user system before building DPDK.
+The latest version of the library supported by this PMD is v0.53, which
+can be downloaded from `<https://github.com/01org/intel-ipsec-mb/archive/v0.53.zip>`_.
+
 After downloading the library, the user needs to unpack and compile it
-on their system before building DPDK::
+on their system before building DPDK:
+
+.. code-block:: console
+
+    make
+    make install
+
+As a reference, the following table shows a mapping between the past DPDK versions
+and the external crypto libraries supported by them:
+
+.. _table_zuc_versions:
+
+.. table:: DPDK and external crypto library version compatibility
+
+   =============  ================================
+   DPDK version   Crypto library version
+   =============  ================================
+   16.11 - 19.11  LibSSO ZUC
+   20.02+         Multi-buffer library 0.53
+   =============  ================================
 
-   make
 
 Initialization
 --------------
 
 In order to enable this virtual crypto PMD, user must:
 
-* Export the environmental variable LIBSSO_ZUC_PATH with the path where
-  the library was extracted (zuc folder).
-
-* Export the environmental variable LD_LIBRARY_PATH with the path
-  where the built libsso library is (LIBSSO_ZUC_PATH/build).
-
-* Build the LIBSSO_ZUC library (explained in Installation section).
+* Build the multi buffer library (explained in Installation section).
 
 * Build DPDK as follows:
 
diff --git a/doc/guides/rel_notes/release_20_02.rst b/doc/guides/rel_notes/release_20_02.rst
index 0eaa45a..4216e0b 100644
--- a/doc/guides/rel_notes/release_20_02.rst
+++ b/doc/guides/rel_notes/release_20_02.rst
@@ -56,6 +56,13 @@ New Features
      Also, make sure to start the actual text at the margin.
      =========================================================
 
+* **Updated the ZUC PMD.**
+
+  * Transistioned underlying library from libSSO ZUC to intel-ipsec-mb
+    library (minimum version required 0.53).
+  * Removed dynamic library limitation, so PMD can be built as a shared
+    object now.
+
 
 Removed Items
 -------------
diff --git a/drivers/crypto/zuc/Makefile b/drivers/crypto/zuc/Makefile
index a01bb6e..b50883b 100644
--- a/drivers/crypto/zuc/Makefile
+++ b/drivers/crypto/zuc/Makefile
@@ -1,14 +1,8 @@
 # SPDX-License-Identifier: BSD-3-Clause
-# Copyright(c) 2016 Intel Corporation
+# Copyright(c) 2016-2019 Intel Corporation
 
 include $(RTE_SDK)/mk/rte.vars.mk
 
-ifneq ($(MAKECMDGOALS),clean)
-ifeq ($(LIBSSO_ZUC_PATH),)
-$(error "Please define LIBSSO_ZUC_PATH environment variable")
-endif
-endif
-
 # library name
 LIB = librte_pmd_zuc.a
 
@@ -21,14 +15,26 @@ CFLAGS += -DALLOW_EXPERIMENTAL_API
 EXPORT_MAP := rte_pmd_zuc_version.map
 
 # external library dependencies
-CFLAGS += -I$(LIBSSO_ZUC_PATH)
-CFLAGS += -I$(LIBSSO_ZUC_PATH)/include
-CFLAGS += -I$(LIBSSO_ZUC_PATH)/build
-LDLIBS += -L$(LIBSSO_ZUC_PATH)/build -lsso_zuc
+LDLIBS += -lIPSec_MB
 LDLIBS += -lrte_eal -lrte_mbuf -lrte_mempool -lrte_ring
 LDLIBS += -lrte_cryptodev
 LDLIBS += -lrte_bus_vdev
 
+IMB_HDR = $(shell echo '\#include <intel-ipsec-mb.h>' | \
+	$(CC) -E $(EXTRA_CFLAGS) - | grep 'intel-ipsec-mb.h' | \
+	head -n1 | cut -d'"' -f2)
+
+# Detect library version
+IMB_VERSION = $(shell grep -e "IMB_VERSION_STR" $(IMB_HDR) | cut -d'"' -f2)
+IMB_VERSION_NUM = $(shell grep -e "IMB_VERSION_NUM" $(IMB_HDR) | cut -d' ' -f3)
+
+ifeq ($(IMB_VERSION),)
+$(error "IPSec_MB version >= 0.53 is required")
+endif
+
+ifeq ($(shell expr $(IMB_VERSION_NUM) \< 0x3400), 1)
+$(error "IPSec_MB version >= 0.53 is required")
+endif
 # library source files
 SRCS-$(CONFIG_RTE_LIBRTE_PMD_ZUC) += rte_zuc_pmd.c
 SRCS-$(CONFIG_RTE_LIBRTE_PMD_ZUC) += rte_zuc_pmd_ops.c
diff --git a/drivers/crypto/zuc/meson.build b/drivers/crypto/zuc/meson.build
index b231de0..be3824c 100644
--- a/drivers/crypto/zuc/meson.build
+++ b/drivers/crypto/zuc/meson.build
@@ -1,11 +1,22 @@
 # SPDX-License-Identifier: BSD-3-Clause
-# Copyright(c) 2018 Intel Corporation
+# Copyright(c) 2018-2020 Intel Corporation
 
-lib = cc.find_library('sso_zuc', required: false)
-if not lib.found() or not cc.has_header('sso_zuc.h')
+IMB_required_ver = '0.53.0'
+lib = cc.find_library('IPSec_MB', required: false)
+if not lib.found()
 	build = false
-	reason = 'missing dependency, "libsso_zuc"'
-	subdir_done()
+	reason = 'missing dependency, "libIPSec_MB"'
+else
+	# version comes with quotes, so we split based on " and take the middle
+	imb_ver = cc.get_define('IMB_VERSION_STR',
+		prefix : '#include<intel-ipsec-mb.h>').split('"')[1]
+
+	if (imb_ver == '') or (imb_ver.version_compare('<' + IMB_required_ver))
+		reason = 'IPSec_MB version >= @0@ is required, found version @1@'.format(
+				IMB_required_ver, imb_ver)
+		build = false
+	endif
+
 endif
 
 allow_experimental_apis = true
diff --git a/drivers/crypto/zuc/rte_zuc_pmd.c b/drivers/crypto/zuc/rte_zuc_pmd.c
index 8e214cd..9e06ab7 100644
--- a/drivers/crypto/zuc/rte_zuc_pmd.c
+++ b/drivers/crypto/zuc/rte_zuc_pmd.c
@@ -11,7 +11,7 @@
 #include <rte_cpuflags.h>
 
 #include "zuc_pmd_private.h"
-#define ZUC_MAX_BURST 4
+#define ZUC_MAX_BURST 16
 #define BYTE_LEN 8
 
 static uint8_t cryptodev_driver_id;
@@ -170,16 +170,17 @@ zuc_get_session(struct zuc_qp *qp, struct rte_crypto_op *op)
 
 /** Encrypt/decrypt mbufs. */
 static uint8_t
-process_zuc_cipher_op(struct rte_crypto_op **ops,
+process_zuc_cipher_op(struct zuc_qp *qp, struct rte_crypto_op **ops,
 		struct zuc_session **sessions,
 		uint8_t num_ops)
 {
 	unsigned i;
 	uint8_t processed_ops = 0;
-	uint8_t *src[ZUC_MAX_BURST], *dst[ZUC_MAX_BURST];
-	uint8_t *iv[ZUC_MAX_BURST];
+	const void *src[ZUC_MAX_BURST];
+	void *dst[ZUC_MAX_BURST];
+	const void *iv[ZUC_MAX_BURST];
 	uint32_t num_bytes[ZUC_MAX_BURST];
-	uint8_t *cipher_keys[ZUC_MAX_BURST];
+	const void *cipher_keys[ZUC_MAX_BURST];
 	struct zuc_session *sess;
 
 	for (i = 0; i < num_ops; i++) {
@@ -222,7 +223,8 @@ process_zuc_cipher_op(struct rte_crypto_op **ops,
 		processed_ops++;
 	}
 
-	sso_zuc_eea3_n_buffer(cipher_keys, iv, src, dst,
+	IMB_ZUC_EEA3_N_BUFFER(qp->mb_mgr, (const void **)cipher_keys,
+			(const void **)iv, (const void **)src, (void **)dst,
 			num_bytes, processed_ops);
 
 	return processed_ops;
@@ -262,7 +264,7 @@ process_zuc_hash_op(struct zuc_qp *qp, struct rte_crypto_op **ops,
 		if (sess->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) {
 			dst = (uint32_t *)qp->temp_digest;
 
-			sso_zuc_eia3_1_buffer(sess->pKey_hash,
+			IMB_ZUC_EIA3_1_BUFFER(qp->mb_mgr, sess->pKey_hash,
 					iv, src,
 					length_in_bits,	dst);
 			/* Verify digest. */
@@ -272,7 +274,7 @@ process_zuc_hash_op(struct zuc_qp *qp, struct rte_crypto_op **ops,
 		} else  {
 			dst = (uint32_t *)ops[i]->sym->auth.digest.data;
 
-			sso_zuc_eia3_1_buffer(sess->pKey_hash,
+			IMB_ZUC_EIA3_1_BUFFER(qp->mb_mgr, sess->pKey_hash,
 					iv, src,
 					length_in_bits, dst);
 		}
@@ -294,7 +296,7 @@ process_ops(struct rte_crypto_op **ops, enum zuc_operation op_type,
 
 	switch (op_type) {
 	case ZUC_OP_ONLY_CIPHER:
-		processed_ops = process_zuc_cipher_op(ops,
+		processed_ops = process_zuc_cipher_op(qp, ops,
 				sessions, num_ops);
 		break;
 	case ZUC_OP_ONLY_AUTH:
@@ -302,14 +304,14 @@ process_ops(struct rte_crypto_op **ops, enum zuc_operation op_type,
 				num_ops);
 		break;
 	case ZUC_OP_CIPHER_AUTH:
-		processed_ops = process_zuc_cipher_op(ops, sessions,
+		processed_ops = process_zuc_cipher_op(qp, ops, sessions,
 				num_ops);
 		process_zuc_hash_op(qp, ops, sessions, processed_ops);
 		break;
 	case ZUC_OP_AUTH_CIPHER:
 		processed_ops = process_zuc_hash_op(qp, ops, sessions,
 				num_ops);
-		process_zuc_cipher_op(ops, sessions, processed_ops);
+		process_zuc_cipher_op(qp, ops, sessions, processed_ops);
 		break;
 	default:
 		/* Operation not supported. */
@@ -457,8 +459,7 @@ cryptodev_zuc_create(const char *name,
 {
 	struct rte_cryptodev *dev;
 	struct zuc_private *internals;
-	uint64_t cpu_flags = RTE_CRYPTODEV_FF_CPU_SSE;
-
+	MB_MGR *mb_mgr;
 
 	dev = rte_cryptodev_pmd_create(name, &vdev->device, init_params);
 	if (dev == NULL) {
@@ -466,6 +467,27 @@ cryptodev_zuc_create(const char *name,
 		goto init_error;
 	}
 
+	dev->feature_flags = RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO |
+			RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING;
+
+	mb_mgr = alloc_mb_mgr(0);
+	if (mb_mgr == NULL)
+		return -ENOMEM;
+
+	if (rte_cpu_get_flag_enabled(RTE_CPUFLAG_AVX512F)) {
+		dev->feature_flags |= RTE_CRYPTODEV_FF_CPU_AVX512;
+		init_mb_mgr_avx512(mb_mgr);
+	} else if (rte_cpu_get_flag_enabled(RTE_CPUFLAG_AVX2)) {
+		dev->feature_flags |= RTE_CRYPTODEV_FF_CPU_AVX2;
+		init_mb_mgr_avx2(mb_mgr);
+	} else if (rte_cpu_get_flag_enabled(RTE_CPUFLAG_AVX)) {
+		dev->feature_flags |= RTE_CRYPTODEV_FF_CPU_AVX;
+		init_mb_mgr_avx(mb_mgr);
+	} else {
+		dev->feature_flags |= RTE_CRYPTODEV_FF_CPU_SSE;
+		init_mb_mgr_sse(mb_mgr);
+	}
+
 	dev->driver_id = cryptodev_driver_id;
 	dev->dev_ops = rte_zuc_pmd_ops;
 
@@ -473,11 +495,8 @@ cryptodev_zuc_create(const char *name,
 	dev->dequeue_burst = zuc_pmd_dequeue_burst;
 	dev->enqueue_burst = zuc_pmd_enqueue_burst;
 
-	dev->feature_flags = RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO |
-			RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING |
-			cpu_flags;
-
 	internals = dev->data->dev_private;
+	internals->mb_mgr = mb_mgr;
 
 	internals->max_nb_queue_pairs = init_params->max_nb_queue_pairs;
 
@@ -518,6 +537,7 @@ cryptodev_zuc_remove(struct rte_vdev_device *vdev)
 
 	struct rte_cryptodev *cryptodev;
 	const char *name;
+	struct zuc_private *internals;
 
 	name = rte_vdev_device_name(vdev);
 	if (name == NULL)
@@ -527,6 +547,10 @@ cryptodev_zuc_remove(struct rte_vdev_device *vdev)
 	if (cryptodev == NULL)
 		return -ENODEV;
 
+	internals = cryptodev->data->dev_private;
+
+	free_mb_mgr(internals->mb_mgr);
+
 	return rte_cryptodev_pmd_destroy(cryptodev);
 }
 
diff --git a/drivers/crypto/zuc/rte_zuc_pmd_ops.c b/drivers/crypto/zuc/rte_zuc_pmd_ops.c
index 62f8c6c..ddd0f92 100644
--- a/drivers/crypto/zuc/rte_zuc_pmd_ops.c
+++ b/drivers/crypto/zuc/rte_zuc_pmd_ops.c
@@ -201,6 +201,7 @@ zuc_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 		int socket_id)
 {
 	struct zuc_qp *qp = NULL;
+	struct zuc_private *internals = dev->data->dev_private;
 
 	/* Free memory prior to re-allocation if needed. */
 	if (dev->data->queue_pairs[qp_id] != NULL)
@@ -223,6 +224,7 @@ zuc_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 	if (qp->processed_ops == NULL)
 		goto qp_setup_cleanup;
 
+	qp->mb_mgr = internals->mb_mgr;
 	qp->sess_mp = qp_conf->mp_session;
 	qp->sess_mp_priv = qp_conf->mp_session_private;
 
diff --git a/drivers/crypto/zuc/zuc_pmd_private.h b/drivers/crypto/zuc/zuc_pmd_private.h
index 428efd4..47a8b08 100644
--- a/drivers/crypto/zuc/zuc_pmd_private.h
+++ b/drivers/crypto/zuc/zuc_pmd_private.h
@@ -5,7 +5,7 @@
 #ifndef _ZUC_PMD_PRIVATE_H_
 #define _ZUC_PMD_PRIVATE_H_
 
-#include <sso_zuc.h>
+#include <intel-ipsec-mb.h>
 
 #define CRYPTODEV_NAME_ZUC_PMD		crypto_zuc
 /**< KASUMI PMD device name */
@@ -24,6 +24,8 @@ int zuc_logtype_driver;
 struct zuc_private {
 	unsigned max_nb_queue_pairs;
 	/**< Max number of queue pairs supported by device */
+	MB_MGR *mb_mgr;
+	/**< Multi-buffer instance */
 };
 
 /** ZUC buffer queue pair */
@@ -45,6 +47,8 @@ struct zuc_qp {
 	 * by the driver when verifying a digest provided
 	 * by the user (using authentication verify operation)
 	 */
+	MB_MGR *mb_mgr;
+	/**< Multi-buffer instance */
 } __rte_cache_aligned;
 
 enum zuc_operation {
diff --git a/mk/rte.app.mk b/mk/rte.app.mk
index 05ea034..62724cc 100644
--- a/mk/rte.app.mk
+++ b/mk/rte.app.mk
@@ -272,7 +272,7 @@ _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_SNOW3G)      += -L$(LIBSSO_SNOW3G_PATH)/build -l
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_KASUMI)      += -lrte_pmd_kasumi
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_KASUMI)      += -L$(LIBSSO_KASUMI_PATH)/build -lsso_kasumi
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ZUC)         += -lrte_pmd_zuc
-_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ZUC)         += -L$(LIBSSO_ZUC_PATH)/build -lsso_zuc
+_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ZUC)         += -lIPSec_MB
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ARMV8_CRYPTO)    += -lrte_pmd_armv8
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ARMV8_CRYPTO)    += -L$(ARMV8_CRYPTO_LIB_PATH) -larmv8_crypto
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_MVSAM_CRYPTO) += -L$(LIBMUSDK_PATH)/lib -lrte_pmd_mvsam_crypto -lmusdk
-- 
2.7.5


^ permalink raw reply	[flat|nested] 21+ messages in thread

* [dpdk-dev] [PATCH v3 2/3] crypto/kasumi: use IPSec library
  2020-01-16 11:41   ` [dpdk-dev] [PATCH v3 " Pablo de Lara
  2020-01-16 11:41     ` [dpdk-dev] [PATCH v3 1/3] crypto/zuc: use IPSec library Pablo de Lara
@ 2020-01-16 11:41     ` Pablo de Lara
  2020-01-16 11:41     ` [dpdk-dev] [PATCH v3 3/3] crypto/snow3g: " Pablo de Lara
  2020-01-20 11:47     ` [dpdk-dev] [PATCH v4 0/3] Use Intel IPSec MB library in Wireless PMDs Pablo de Lara
  3 siblings, 0 replies; 21+ messages in thread
From: Pablo de Lara @ 2020-01-16 11:41 UTC (permalink / raw)
  To: akhil.goyal, declan.doherty, bruce.richardson; +Cc: dev, Pablo de Lara

Link against Intel IPSec Multi-buffer library, which
added support for KASUMI-F8 and KASUMI-F9 from version v0.53,
moving from libSSO KASUMI library.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 devtools/test-build.sh                     |  6 +--
 doc/guides/cryptodevs/kasumi.rst           | 62 ++++++++++++-----------
 doc/guides/rel_notes/release_20_02.rst     |  5 ++
 drivers/crypto/kasumi/Makefile             | 26 ++++++----
 drivers/crypto/kasumi/kasumi_pmd_private.h | 12 +++--
 drivers/crypto/kasumi/meson.build          | 21 ++++++--
 drivers/crypto/kasumi/rte_kasumi_pmd.c     | 79 +++++++++++++++++-------------
 drivers/crypto/kasumi/rte_kasumi_pmd_ops.c |  8 ++-
 mk/rte.app.mk                              |  2 +-
 9 files changed, 132 insertions(+), 89 deletions(-)

diff --git a/devtools/test-build.sh b/devtools/test-build.sh
index afa0748..56c744f 100755
--- a/devtools/test-build.sh
+++ b/devtools/test-build.sh
@@ -28,7 +28,6 @@ default_path=$PATH
 # - FLEXRAN_SDK
 # - LIBMUSDK_PATH
 # - LIBSSO_SNOW3G_PATH
-# - LIBSSO_KASUMI_PATH
 . $(dirname $(readlink -f $0))/load-devel-config
 
 print_usage () {
@@ -121,7 +120,6 @@ reset_env ()
 	unset FLEXRAN_SDK
 	unset LIBMUSDK_PATH
 	unset LIBSSO_SNOW3G_PATH
-	unset LIBSSO_KASUMI_PATH
 	unset PQOS_INSTALL_PATH
 }
 
@@ -183,10 +181,10 @@ config () # <directory> <target> <options>
 		sed -ri=""      's,(PMD_AESNI_GCM=)n,\1y,' $1/.config
 		test "$DPDK_DEP_IPSEC_MB" != y || \
 		sed -ri=""            's,(PMD_ZUC=)n,\1y,' $1/.config
+		test "$DPDK_DEP_IPSEC_MB" != y || \
+		sed -ri=""         's,(PMD_KASUMI=)n,\1y,' $1/.config
 		test -z "$LIBSSO_SNOW3G_PATH" || \
 		sed -ri=""         's,(PMD_SNOW3G=)n,\1y,' $1/.config
-		test -z "$LIBSSO_KASUMI_PATH" || \
-		sed -ri=""         's,(PMD_KASUMI=)n,\1y,' $1/.config
 		test "$DPDK_DEP_SSL" != y || \
 		sed -ri=""            's,(PMD_CCP=)n,\1y,' $1/.config
 		test "$DPDK_DEP_SSL" != y || \
diff --git a/doc/guides/cryptodevs/kasumi.rst b/doc/guides/cryptodevs/kasumi.rst
index 2265eee..6c86fe2 100644
--- a/doc/guides/cryptodevs/kasumi.rst
+++ b/doc/guides/cryptodevs/kasumi.rst
@@ -1,12 +1,12 @@
 ..  SPDX-License-Identifier: BSD-3-Clause
-    Copyright(c) 2016 Intel Corporation.
+    Copyright(c) 2016-2019 Intel Corporation.
 
 KASUMI Crypto Poll Mode Driver
 ===============================
 
-The KASUMI PMD (**librte_pmd_kasumi**) provides poll mode crypto driver
-support for utilizing Intel Libsso library, which implements F8 and F9 functions
-for KASUMI UEA1 cipher and UIA1 hash algorithms.
+The KASUMI PMD (**librte_pmd_kasumi**) provides poll mode crypto driver support for
+utilizing `Intel IPSec Multi-buffer library <https://github.com/01org/intel-ipsec-mb>`_
+which implements F8 and F9 functions for KASUMI UEA1 cipher and UIA1 hash algorithms.
 
 Features
 --------
@@ -33,33 +33,33 @@ Limitations
 Installation
 ------------
 
-To build DPDK with the KASUMI_PMD the user is required to download
-the export controlled ``libsso_kasumi`` library, by registering in
-`Intel Resource & Design Center <https://www.intel.com/content/www/us/en/design/resource-design-center.html>`_.
-Once approval has been granted, the user needs to search for
-*Kasumi F8 F9 3GPP cryptographic algorithms Software Library* to download the
-library or directly through this `link <https://cdrdv2.intel.com/v1/dl/getContent/575866>`_.
+To build DPDK with the KASUMI_PMD the user is required to download the multi-buffer
+library from `here <https://github.com/01org/intel-ipsec-mb>`_
+and compile it on their user system before building DPDK.
+The latest version of the library supported by this PMD is v0.53, which
+can be downloaded from `<https://github.com/01org/intel-ipsec-mb/archive/v0.53.zip>`_.
+
 After downloading the library, the user needs to unpack and compile it
-on their system before building DPDK::
+on their system before building DPDK:
+
+.. code-block:: console
 
-   make
+    make
+    make install
 
-**Note**: When encrypting with KASUMI F8, by default the library
-encrypts full blocks of 8 bytes, regardless the number of bytes to
-be encrypted provided (which leads to a possible buffer overflow).
-To avoid this situation, it is necessary not to pass
-3GPP_SAFE_BUFFERS as a compilation flag.
-Also, this is required when using chained operations
-(cipher-then-auth/auth-then-cipher).
-For this, in the Makefile of the library, make sure that this flag
-is commented out::
+As a reference, the following table shows a mapping between the past DPDK versions
+and the external crypto libraries supported by them:
 
-  #EXTRA_CFLAGS  += -D_3GPP_SAFE_BUFFERS
+.. _table_kasumi_versions:
 
-**Note**: To build the PMD as a shared library, the libsso_kasumi
-library must be built as follows::
+.. table:: DPDK and external crypto library version compatibility
 
-  make KASUMI_CFLAGS=-DKASUMI_C
+   =============  ================================
+   DPDK version   Crypto library version
+   =============  ================================
+   16.11 - 19.11  LibSSO KASUMI
+   20.02+         Multi-buffer library 0.53
+   =============  ================================
 
 
 Initialization
@@ -67,12 +67,16 @@ Initialization
 
 In order to enable this virtual crypto PMD, user must:
 
-* Export the environmental variable LIBSSO_KASUMI_PATH with the path where
-  the library was extracted (kasumi folder).
+* Build the multi buffer library (explained in Installation section).
+
+* Build DPDK as follows:
+
+.. code-block:: console
 
-* Build the LIBSSO library (explained in Installation section).
+	make config T=x86_64-native-linux-gcc
+	sed -i 's,\(CONFIG_RTE_LIBRTE_PMD_KASUMI\)=n,\1=y,' build/.config
+	make
 
-* Set CONFIG_RTE_LIBRTE_PMD_KASUMI=y in config/common_base.
 
 To use the PMD in an application, user must:
 
diff --git a/doc/guides/rel_notes/release_20_02.rst b/doc/guides/rel_notes/release_20_02.rst
index 4216e0b..a3f6154 100644
--- a/doc/guides/rel_notes/release_20_02.rst
+++ b/doc/guides/rel_notes/release_20_02.rst
@@ -63,6 +63,11 @@ New Features
   * Removed dynamic library limitation, so PMD can be built as a shared
     object now.
 
+* **Updated the KASUMI PMD.**
+
+  * Transistioned underlying library from libSSO KASUMI to intel-ipsec-mb
+    library (minimum version required 0.53).
+
 
 Removed Items
 -------------
diff --git a/drivers/crypto/kasumi/Makefile b/drivers/crypto/kasumi/Makefile
index 26f5137..c94d6bd 100644
--- a/drivers/crypto/kasumi/Makefile
+++ b/drivers/crypto/kasumi/Makefile
@@ -3,12 +3,6 @@
 
 include $(RTE_SDK)/mk/rte.vars.mk
 
-ifneq ($(MAKECMDGOALS),clean)
-ifeq ($(LIBSSO_KASUMI_PATH),)
-$(error "Please define LIBSSO_KASUMI_PATH environment variable")
-endif
-endif
-
 # library name
 LIB = librte_pmd_kasumi.a
 
@@ -21,14 +15,26 @@ CFLAGS += -DALLOW_EXPERIMENTAL_API
 EXPORT_MAP := rte_pmd_kasumi_version.map
 
 # external library dependencies
-CFLAGS += -I$(LIBSSO_KASUMI_PATH)
-CFLAGS += -I$(LIBSSO_KASUMI_PATH)/include
-CFLAGS += -I$(LIBSSO_KASUMI_PATH)/build
-LDLIBS += -L$(LIBSSO_KASUMI_PATH)/build -lsso_kasumi
+LDLIBS += -lIPSec_MB
 LDLIBS += -lrte_eal -lrte_mbuf -lrte_mempool -lrte_ring
 LDLIBS += -lrte_cryptodev
 LDLIBS += -lrte_bus_vdev
 
+IMB_HDR = $(shell echo '\#include <intel-ipsec-mb.h>' | \
+	$(CC) -E $(EXTRA_CFLAGS) - | grep 'intel-ipsec-mb.h' | \
+	head -n1 | cut -d'"' -f2)
+
+# Detect library version
+IMB_VERSION = $(shell grep -e "IMB_VERSION_STR" $(IMB_HDR) | cut -d'"' -f2)
+IMB_VERSION_NUM = $(shell grep -e "IMB_VERSION_NUM" $(IMB_HDR) | cut -d' ' -f3)
+
+ifeq ($(IMB_VERSION),)
+$(error "IPSec_MB version >= 0.53 is required")
+endif
+
+ifeq ($(shell expr $(IMB_VERSION_NUM) \< 0x3400), 1)
+$(error "IPSec_MB version >= 0.53 is required")
+endif
 # library source files
 SRCS-$(CONFIG_RTE_LIBRTE_PMD_KASUMI) += rte_kasumi_pmd.c
 SRCS-$(CONFIG_RTE_LIBRTE_PMD_KASUMI) += rte_kasumi_pmd_ops.c
diff --git a/drivers/crypto/kasumi/kasumi_pmd_private.h b/drivers/crypto/kasumi/kasumi_pmd_private.h
index 7ac19c5..3b3a695 100644
--- a/drivers/crypto/kasumi/kasumi_pmd_private.h
+++ b/drivers/crypto/kasumi/kasumi_pmd_private.h
@@ -5,7 +5,7 @@
 #ifndef _KASUMI_PMD_PRIVATE_H_
 #define _KASUMI_PMD_PRIVATE_H_
 
-#include <sso_kasumi.h>
+#include <intel-ipsec-mb.h>
 
 #define CRYPTODEV_NAME_KASUMI_PMD	crypto_kasumi
 /**< KASUMI PMD device name */
@@ -24,6 +24,8 @@ int kasumi_logtype_driver;
 struct kasumi_private {
 	unsigned max_nb_queue_pairs;
 	/**< Max number of queue pairs supported by device */
+	MB_MGR *mgr;
+	/**< Multi-buffer instance */
 };
 
 /** KASUMI buffer queue pair */
@@ -45,6 +47,8 @@ struct kasumi_qp {
 	 * by the driver when verifying a digest provided
 	 * by the user (using authentication verify operation)
 	 */
+	MB_MGR *mgr;
+	/**< Multi-buffer instance */
 } __rte_cache_aligned;
 
 enum kasumi_operation {
@@ -58,8 +62,8 @@ enum kasumi_operation {
 /** KASUMI private session structure */
 struct kasumi_session {
 	/* Keys have to be 16-byte aligned */
-	sso_kasumi_key_sched_t pKeySched_cipher;
-	sso_kasumi_key_sched_t pKeySched_hash;
+	kasumi_key_sched_t pKeySched_cipher;
+	kasumi_key_sched_t pKeySched_hash;
 	enum kasumi_operation op;
 	enum rte_crypto_auth_operation auth_op;
 	uint16_t cipher_iv_offset;
@@ -67,7 +71,7 @@ struct kasumi_session {
 
 
 int
-kasumi_set_session_parameters(struct kasumi_session *sess,
+kasumi_set_session_parameters(MB_MGR *mgr, struct kasumi_session *sess,
 		const struct rte_crypto_sym_xform *xform);
 
 
diff --git a/drivers/crypto/kasumi/meson.build b/drivers/crypto/kasumi/meson.build
index 90a3c4f..7350f41 100644
--- a/drivers/crypto/kasumi/meson.build
+++ b/drivers/crypto/kasumi/meson.build
@@ -1,11 +1,22 @@
 # SPDX-License-Identifier: BSD-3-Clause
-# Copyright(c) 2018 Intel Corporation
+# Copyright(c) 2018-2020 Intel Corporation
 
-lib = cc.find_library('sso_kasumi', required: false)
-if not lib.found() or not cc.has_header('sso_kasumi.h')
+IMB_required_ver = '0.53.0'
+lib = cc.find_library('IPSec_MB', required: false)
+if not lib.found()
 	build = false
-	reason = 'missing dependency, "libsso_kasumi"'
-	subdir_done()
+	reason = 'missing dependency, "libIPSec_MB"'
+else
+	# version comes with quotes, so we split based on " and take the middle
+	imb_ver = cc.get_define('IMB_VERSION_STR',
+		prefix : '#include<intel-ipsec-mb.h>').split('"')[1]
+
+	if (imb_ver == '') or (imb_ver.version_compare('<' + IMB_required_ver))
+		reason = 'IPSec_MB version >= @0@ is required, found version @1@'.format(
+				IMB_required_ver, imb_ver)
+		build = false
+	endif
+
 endif
 
 allow_experimental_apis = true
diff --git a/drivers/crypto/kasumi/rte_kasumi_pmd.c b/drivers/crypto/kasumi/rte_kasumi_pmd.c
index d0583ef..baad5b4 100644
--- a/drivers/crypto/kasumi/rte_kasumi_pmd.c
+++ b/drivers/crypto/kasumi/rte_kasumi_pmd.c
@@ -54,7 +54,7 @@ kasumi_get_mode(const struct rte_crypto_sym_xform *xform)
 
 /** Parse crypto xform chain and set private session parameters. */
 int
-kasumi_set_session_parameters(struct kasumi_session *sess,
+kasumi_set_session_parameters(MB_MGR *mgr, struct kasumi_session *sess,
 		const struct rte_crypto_sym_xform *xform)
 {
 	const struct rte_crypto_sym_xform *auth_xform = NULL;
@@ -97,7 +97,7 @@ kasumi_set_session_parameters(struct kasumi_session *sess,
 		}
 
 		/* Initialize key */
-		sso_kasumi_init_f8_key_sched(cipher_xform->cipher.key.data,
+		IMB_KASUMI_INIT_F8_KEY_SCHED(mgr, cipher_xform->cipher.key.data,
 				&sess->pKeySched_cipher);
 	}
 
@@ -116,7 +116,7 @@ kasumi_set_session_parameters(struct kasumi_session *sess,
 		sess->auth_op = auth_xform->auth.op;
 
 		/* Initialize key */
-		sso_kasumi_init_f9_key_sched(auth_xform->auth.key.data,
+		IMB_KASUMI_INIT_F9_KEY_SCHED(mgr, auth_xform->auth.key.data,
 				&sess->pKeySched_hash);
 	}
 
@@ -151,7 +151,7 @@ kasumi_get_session(struct kasumi_qp *qp, struct rte_crypto_op *op)
 
 		sess = (struct kasumi_session *)_sess_private_data;
 
-		if (unlikely(kasumi_set_session_parameters(sess,
+		if (unlikely(kasumi_set_session_parameters(qp->mgr, sess,
 				op->sym->xform) != 0)) {
 			rte_mempool_put(qp->sess_mp, _sess);
 			rte_mempool_put(qp->sess_mp_priv, _sess_private_data);
@@ -170,13 +170,13 @@ kasumi_get_session(struct kasumi_qp *qp, struct rte_crypto_op *op)
 
 /** Encrypt/decrypt mbufs with same cipher key. */
 static uint8_t
-process_kasumi_cipher_op(struct rte_crypto_op **ops,
-		struct kasumi_session *session,
-		uint8_t num_ops)
+process_kasumi_cipher_op(struct kasumi_qp *qp, struct rte_crypto_op **ops,
+		struct kasumi_session *session, uint8_t num_ops)
 {
 	unsigned i;
 	uint8_t processed_ops = 0;
-	uint8_t *src[num_ops], *dst[num_ops];
+	const void *src[num_ops];
+	void *dst[num_ops];
 	uint8_t *iv_ptr;
 	uint64_t iv[num_ops];
 	uint32_t num_bytes[num_ops];
@@ -198,7 +198,7 @@ process_kasumi_cipher_op(struct rte_crypto_op **ops,
 	}
 
 	if (processed_ops != 0)
-		sso_kasumi_f8_n_buffer(&session->pKeySched_cipher, iv,
+		IMB_KASUMI_F8_N_BUFFER(qp->mgr, &session->pKeySched_cipher, iv,
 			src, dst, num_bytes, processed_ops);
 
 	return processed_ops;
@@ -206,7 +206,7 @@ process_kasumi_cipher_op(struct rte_crypto_op **ops,
 
 /** Encrypt/decrypt mbuf (bit level function). */
 static uint8_t
-process_kasumi_cipher_op_bit(struct rte_crypto_op *op,
+process_kasumi_cipher_op_bit(struct kasumi_qp *qp, struct rte_crypto_op *op,
 		struct kasumi_session *session)
 {
 	uint8_t *src, *dst;
@@ -216,18 +216,16 @@ process_kasumi_cipher_op_bit(struct rte_crypto_op *op,
 
 	offset_in_bits = op->sym->cipher.data.offset;
 	src = rte_pktmbuf_mtod(op->sym->m_src, uint8_t *);
-	if (op->sym->m_dst == NULL) {
-		op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
-		KASUMI_LOG(ERR, "bit-level in-place not supported");
-		return 0;
-	}
-	dst = rte_pktmbuf_mtod(op->sym->m_dst, uint8_t *);
+	if (op->sym->m_dst == NULL)
+		dst = src;
+	else
+		dst = rte_pktmbuf_mtod(op->sym->m_dst, uint8_t *);
 	iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
 			session->cipher_iv_offset);
 	iv = *((uint64_t *)(iv_ptr));
 	length_in_bits = op->sym->cipher.data.length;
 
-	sso_kasumi_f8_1_buffer_bit(&session->pKeySched_cipher, iv,
+	IMB_KASUMI_F8_1_BUFFER_BIT(qp->mgr, &session->pKeySched_cipher, iv,
 			src, dst, length_in_bits, offset_in_bits);
 
 	return 1;
@@ -262,7 +260,8 @@ process_kasumi_hash_op(struct kasumi_qp *qp, struct rte_crypto_op **ops,
 
 		if (session->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) {
 			dst = qp->temp_digest;
-			sso_kasumi_f9_1_buffer(&session->pKeySched_hash, src,
+			IMB_KASUMI_F9_1_BUFFER(qp->mgr,
+					&session->pKeySched_hash, src,
 					num_bytes, dst);
 
 			/* Verify digest. */
@@ -272,7 +271,8 @@ process_kasumi_hash_op(struct kasumi_qp *qp, struct rte_crypto_op **ops,
 		} else  {
 			dst = ops[i]->sym->auth.digest.data;
 
-			sso_kasumi_f9_1_buffer(&session->pKeySched_hash, src,
+			IMB_KASUMI_F9_1_BUFFER(qp->mgr,
+					&session->pKeySched_hash, src,
 					num_bytes, dst);
 		}
 		processed_ops++;
@@ -292,7 +292,7 @@ process_ops(struct rte_crypto_op **ops, struct kasumi_session *session,
 
 	switch (session->op) {
 	case KASUMI_OP_ONLY_CIPHER:
-		processed_ops = process_kasumi_cipher_op(ops,
+		processed_ops = process_kasumi_cipher_op(qp, ops,
 				session, num_ops);
 		break;
 	case KASUMI_OP_ONLY_AUTH:
@@ -300,14 +300,14 @@ process_ops(struct rte_crypto_op **ops, struct kasumi_session *session,
 				num_ops);
 		break;
 	case KASUMI_OP_CIPHER_AUTH:
-		processed_ops = process_kasumi_cipher_op(ops, session,
+		processed_ops = process_kasumi_cipher_op(qp, ops, session,
 				num_ops);
 		process_kasumi_hash_op(qp, ops, session, processed_ops);
 		break;
 	case KASUMI_OP_AUTH_CIPHER:
 		processed_ops = process_kasumi_hash_op(qp, ops, session,
 				num_ops);
-		process_kasumi_cipher_op(ops, session, processed_ops);
+		process_kasumi_cipher_op(qp, ops, session, processed_ops);
 		break;
 	default:
 		/* Operation not supported. */
@@ -350,21 +350,21 @@ process_op_bit(struct rte_crypto_op *op, struct kasumi_session *session,
 
 	switch (session->op) {
 	case KASUMI_OP_ONLY_CIPHER:
-		processed_op = process_kasumi_cipher_op_bit(op,
+		processed_op = process_kasumi_cipher_op_bit(qp, op,
 				session);
 		break;
 	case KASUMI_OP_ONLY_AUTH:
 		processed_op = process_kasumi_hash_op(qp, &op, session, 1);
 		break;
 	case KASUMI_OP_CIPHER_AUTH:
-		processed_op = process_kasumi_cipher_op_bit(op, session);
+		processed_op = process_kasumi_cipher_op_bit(qp, op, session);
 		if (processed_op == 1)
 			process_kasumi_hash_op(qp, &op, session, 1);
 		break;
 	case KASUMI_OP_AUTH_CIPHER:
 		processed_op = process_kasumi_hash_op(qp, &op, session, 1);
 		if (processed_op == 1)
-			process_kasumi_cipher_op_bit(op, session);
+			process_kasumi_cipher_op_bit(qp, op, session);
 		break;
 	default:
 		/* Operation not supported. */
@@ -533,7 +533,7 @@ cryptodev_kasumi_create(const char *name,
 {
 	struct rte_cryptodev *dev;
 	struct kasumi_private *internals;
-	uint64_t cpu_flags = 0;
+	MB_MGR *mgr;
 
 	dev = rte_cryptodev_pmd_create(name, &vdev->device, init_params);
 	if (dev == NULL) {
@@ -541,12 +541,6 @@ cryptodev_kasumi_create(const char *name,
 		goto init_error;
 	}
 
-	/* Check CPU for supported vector instruction set */
-	if (rte_cpu_get_flag_enabled(RTE_CPUFLAG_AVX))
-		cpu_flags |= RTE_CRYPTODEV_FF_CPU_AVX;
-	else
-		cpu_flags |= RTE_CRYPTODEV_FF_CPU_SSE;
-
 	dev->driver_id = cryptodev_driver_id;
 	dev->dev_ops = rte_kasumi_pmd_ops;
 
@@ -555,12 +549,24 @@ cryptodev_kasumi_create(const char *name,
 	dev->enqueue_burst = kasumi_pmd_enqueue_burst;
 
 	dev->feature_flags = RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO |
-			RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING |
-			cpu_flags;
+			RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING;
+
+	mgr = alloc_mb_mgr(0);
+	if (mgr == NULL)
+		return -ENOMEM;
+
+	if (rte_cpu_get_flag_enabled(RTE_CPUFLAG_AVX)) {
+		dev->feature_flags |= RTE_CRYPTODEV_FF_CPU_AVX;
+		init_mb_mgr_avx(mgr);
+	} else {
+		dev->feature_flags |= RTE_CRYPTODEV_FF_CPU_SSE;
+		init_mb_mgr_sse(mgr);
+	}
 
 	internals = dev->data->dev_private;
 
 	internals->max_nb_queue_pairs = init_params->max_nb_queue_pairs;
+	internals->mgr = mgr;
 
 	return 0;
 init_error:
@@ -598,6 +604,7 @@ cryptodev_kasumi_remove(struct rte_vdev_device *vdev)
 {
 	struct rte_cryptodev *cryptodev;
 	const char *name;
+	struct kasumi_private *internals;
 
 	name = rte_vdev_device_name(vdev);
 	if (name == NULL)
@@ -607,6 +614,10 @@ cryptodev_kasumi_remove(struct rte_vdev_device *vdev)
 	if (cryptodev == NULL)
 		return -ENODEV;
 
+	internals = cryptodev->data->dev_private;
+
+	free_mb_mgr(internals->mgr);
+
 	return rte_cryptodev_pmd_destroy(cryptodev);
 }
 
diff --git a/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c b/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c
index 5ce4953..55fbe00 100644
--- a/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c
+++ b/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c
@@ -195,6 +195,7 @@ kasumi_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 		int socket_id)
 {
 	struct kasumi_qp *qp = NULL;
+	struct kasumi_private *internals = dev->data->dev_private;
 
 	/* Free memory prior to re-allocation if needed. */
 	if (dev->data->queue_pairs[qp_id] != NULL)
@@ -217,6 +218,7 @@ kasumi_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 	if (qp->processed_ops == NULL)
 		goto qp_setup_cleanup;
 
+	qp->mgr = internals->mgr;
 	qp->sess_mp = qp_conf->mp_session;
 	qp->sess_mp_priv = qp_conf->mp_session_private;
 
@@ -246,13 +248,14 @@ kasumi_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 
 /** Configure a KASUMI session from a crypto xform chain */
 static int
-kasumi_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
+kasumi_pmd_sym_session_configure(struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
 		struct rte_cryptodev_sym_session *sess,
 		struct rte_mempool *mempool)
 {
 	void *sess_private_data;
 	int ret;
+	struct kasumi_private *internals = dev->data->dev_private;
 
 	if (unlikely(sess == NULL)) {
 		KASUMI_LOG(ERR, "invalid session struct");
@@ -265,7 +268,8 @@ kasumi_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 		return -ENOMEM;
 	}
 
-	ret = kasumi_set_session_parameters(sess_private_data, xform);
+	ret = kasumi_set_session_parameters(internals->mgr,
+					sess_private_data, xform);
 	if (ret != 0) {
 		KASUMI_LOG(ERR, "failed configure session parameters");
 
diff --git a/mk/rte.app.mk b/mk/rte.app.mk
index 62724cc..a8163f1 100644
--- a/mk/rte.app.mk
+++ b/mk/rte.app.mk
@@ -270,7 +270,7 @@ endif # CONFIG_RTE_LIBRTE_PMD_QAT
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_SNOW3G)      += -lrte_pmd_snow3g
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_SNOW3G)      += -L$(LIBSSO_SNOW3G_PATH)/build -lsso_snow3g
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_KASUMI)      += -lrte_pmd_kasumi
-_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_KASUMI)      += -L$(LIBSSO_KASUMI_PATH)/build -lsso_kasumi
+_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_KASUMI)      += -lIPSec_MB
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ZUC)         += -lrte_pmd_zuc
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ZUC)         += -lIPSec_MB
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ARMV8_CRYPTO)    += -lrte_pmd_armv8
-- 
2.7.5


^ permalink raw reply	[flat|nested] 21+ messages in thread

* [dpdk-dev] [PATCH v3 3/3] crypto/snow3g: use IPSec library
  2020-01-16 11:41   ` [dpdk-dev] [PATCH v3 " Pablo de Lara
  2020-01-16 11:41     ` [dpdk-dev] [PATCH v3 1/3] crypto/zuc: use IPSec library Pablo de Lara
  2020-01-16 11:41     ` [dpdk-dev] [PATCH v3 2/3] crypto/kasumi: " Pablo de Lara
@ 2020-01-16 11:41     ` Pablo de Lara
  2020-01-20 11:47     ` [dpdk-dev] [PATCH v4 0/3] Use Intel IPSec MB library in Wireless PMDs Pablo de Lara
  3 siblings, 0 replies; 21+ messages in thread
From: Pablo de Lara @ 2020-01-16 11:41 UTC (permalink / raw)
  To: akhil.goyal, declan.doherty, bruce.richardson; +Cc: dev, Pablo de Lara

Link against Intel IPSec Multi-buffer library, which
added support for SNOW3G-UEA2 and SNOW3G-UIA2 from version v0.53,
moving from libSSO SNOW3G library.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 devtools/test-build.sh                     |  4 +-
 doc/guides/cryptodevs/snow3g.rst           | 58 +++++++++++---------
 doc/guides/rel_notes/release_20_02.rst     |  5 ++
 drivers/crypto/snow3g/Makefile             | 29 ++++++----
 drivers/crypto/snow3g/meson.build          | 21 ++++++--
 drivers/crypto/snow3g/rte_snow3g_pmd.c     | 85 ++++++++++++++++++------------
 drivers/crypto/snow3g/rte_snow3g_pmd_ops.c |  8 ++-
 drivers/crypto/snow3g/snow3g_pmd_private.h | 14 +++--
 mk/rte.app.mk                              |  2 +-
 9 files changed, 140 insertions(+), 86 deletions(-)

diff --git a/devtools/test-build.sh b/devtools/test-build.sh
index 56c744f..7bdd35e 100755
--- a/devtools/test-build.sh
+++ b/devtools/test-build.sh
@@ -27,7 +27,6 @@ default_path=$PATH
 # - DPDK_NOTIFY (notify-send)
 # - FLEXRAN_SDK
 # - LIBMUSDK_PATH
-# - LIBSSO_SNOW3G_PATH
 . $(dirname $(readlink -f $0))/load-devel-config
 
 print_usage () {
@@ -119,7 +118,6 @@ reset_env ()
 	unset ARMV8_CRYPTO_LIB_PATH
 	unset FLEXRAN_SDK
 	unset LIBMUSDK_PATH
-	unset LIBSSO_SNOW3G_PATH
 	unset PQOS_INSTALL_PATH
 }
 
@@ -183,7 +181,7 @@ config () # <directory> <target> <options>
 		sed -ri=""            's,(PMD_ZUC=)n,\1y,' $1/.config
 		test "$DPDK_DEP_IPSEC_MB" != y || \
 		sed -ri=""         's,(PMD_KASUMI=)n,\1y,' $1/.config
-		test -z "$LIBSSO_SNOW3G_PATH" || \
+		test "$DPDK_DEP_IPSEC_MB" != y || \
 		sed -ri=""         's,(PMD_SNOW3G=)n,\1y,' $1/.config
 		test "$DPDK_DEP_SSL" != y || \
 		sed -ri=""            's,(PMD_CCP=)n,\1y,' $1/.config
diff --git a/doc/guides/cryptodevs/snow3g.rst b/doc/guides/cryptodevs/snow3g.rst
index 7cba712..d45bcad 100644
--- a/doc/guides/cryptodevs/snow3g.rst
+++ b/doc/guides/cryptodevs/snow3g.rst
@@ -1,12 +1,12 @@
 ..  SPDX-License-Identifier: BSD-3-Clause
-    Copyright(c) 2016 Intel Corporation.
+    Copyright(c) 2016-2019 Intel Corporation.
 
 SNOW 3G Crypto Poll Mode Driver
 ===============================
 
-The SNOW 3G PMD (**librte_pmd_snow3g**) provides poll mode crypto driver
-support for utilizing Intel Libsso library, which implements F8 and F9 functions
-for SNOW 3G UEA2 cipher and UIA2 hash algorithms.
+The SNOW3G PMD (**librte_snow3g_zuc**) provides poll mode crypto driver support for
+utilizing `Intel IPSec Multi-buffer library <https://github.com/01org/intel-ipsec-mb>`_
+which implements F8 and F8 functions for SNOW 3G UEA2 cipher and UIA2 hash algorithms.
 
 Features
 --------
@@ -32,26 +32,33 @@ Limitations
 Installation
 ------------
 
-To build DPDK with the SNOW3G_PMD the user is required to download
-the export controlled ``libsso_snow3g`` library, by registering in
-`Intel Resource & Design Center <https://www.intel.com/content/www/us/en/design/resource-design-center.html>`_.
-Once approval has been granted, the user needs to search for
-*Snow3G F8 F9 3GPP cryptographic algorithms Software Library* to download the
-library or directly through this `link <https://cdrdv2.intel.com/v1/dl/getContent/575867>`_.
+To build DPDK with the SNOW3G_PMD the user is required to download the multi-buffer
+library from `here <https://github.com/01org/intel-ipsec-mb>`_
+and compile it on their user system before building DPDK.
+The latest version of the library supported by this PMD is v0.53, which
+can be downloaded from `<https://github.com/01org/intel-ipsec-mb/archive/v0.53.zip>`_.
+
 After downloading the library, the user needs to unpack and compile it
-on their system before building DPDK::
+on their system before building DPDK:
+
+.. code-block:: console
+
+    make
+    make install
 
-   make snow3G
+As a reference, the following table shows a mapping between the past DPDK versions
+and the external crypto libraries supported by them:
 
-**Note**: When encrypting with SNOW3G UEA2, by default the library
-encrypts blocks of 4 bytes, regardless the number of bytes to
-be encrypted provided (which leads to a possible buffer overflow).
-To avoid this situation, it is necessary not to pass
-3GPP_SAFE_BUFFERS as a compilation flag.
-For this, in the Makefile of the library, make sure that this flag
-is commented out.::
+.. _table_zuc_versions:
 
-  #EXTRA_CFLAGS  += -D_3GPP_SAFE_BUFFERS
+.. table:: DPDK and external crypto library version compatibility
+
+   =============  ================================
+   DPDK version   Crypto library version
+   =============  ================================
+   16.04 - 19.11  LibSSO SNOW3G
+   20.02+         Multi-buffer library 0.53
+   =============  ================================
 
 
 Initialization
@@ -59,12 +66,15 @@ Initialization
 
 In order to enable this virtual crypto PMD, user must:
 
-* Export the environmental variable LIBSSO_SNOW3G_PATH with the path where
-  the library was extracted (snow3g folder).
+* Build the multi buffer library (explained in Installation section).
+
+* Build DPDK as follows:
 
-* Build the LIBSSO_SNOW3G library (explained in Installation section).
+.. code-block:: console
 
-* Set CONFIG_RTE_LIBRTE_PMD_SNOW3G=y in config/common_base.
+	make config T=x86_64-native-linux-gcc
+	sed -i 's,\(CONFIG_RTE_LIBRTE_PMD_SNOW3G\)=n,\1=y,' build/.config
+	make
 
 To use the PMD in an application, user must:
 
diff --git a/doc/guides/rel_notes/release_20_02.rst b/doc/guides/rel_notes/release_20_02.rst
index a3f6154..2532b21 100644
--- a/doc/guides/rel_notes/release_20_02.rst
+++ b/doc/guides/rel_notes/release_20_02.rst
@@ -68,6 +68,11 @@ New Features
   * Transistioned underlying library from libSSO KASUMI to intel-ipsec-mb
     library (minimum version required 0.53).
 
+* **Updated the SNOW3G PMD.**
+
+  * Transistioned underlying library from libSSO SNOW3G to intel-ipsec-mb
+    library (minimum version required 0.53).
+
 
 Removed Items
 -------------
diff --git a/drivers/crypto/snow3g/Makefile b/drivers/crypto/snow3g/Makefile
index 4086c57..438119c 100644
--- a/drivers/crypto/snow3g/Makefile
+++ b/drivers/crypto/snow3g/Makefile
@@ -1,14 +1,8 @@
 # SPDX-License-Identifier: BSD-3-Clause
-# Copyright(c) 2016 Intel Corporation
+# Copyright(c) 2016-2019 Intel Corporation
 
 include $(RTE_SDK)/mk/rte.vars.mk
 
-ifneq ($(MAKECMDGOALS),clean)
-ifeq ($(LIBSSO_SNOW3G_PATH),)
-$(error "Please define LIBSSO_SNOW3G_PATH environment variable")
-endif
-endif
-
 # library name
 LIB = librte_pmd_snow3g.a
 
@@ -21,14 +15,27 @@ CFLAGS += -DALLOW_EXPERIMENTAL_API
 EXPORT_MAP := rte_pmd_snow3g_version.map
 
 # external library dependencies
-CFLAGS += -I$(LIBSSO_SNOW3G_PATH)
-CFLAGS += -I$(LIBSSO_SNOW3G_PATH)/include
-CFLAGS += -I$(LIBSSO_SNOW3G_PATH)/build
-LDLIBS += -L$(LIBSSO_SNOW3G_PATH)/build -lsso_snow3g
+LDLIBS += -lIPSec_MB
 LDLIBS += -lrte_eal -lrte_mbuf -lrte_mempool -lrte_ring
 LDLIBS += -lrte_cryptodev
 LDLIBS += -lrte_bus_vdev
 
+IMB_HDR = $(shell echo '\#include <intel-ipsec-mb.h>' | \
+	$(CC) -E $(EXTRA_CFLAGS) - | grep 'intel-ipsec-mb.h' | \
+	head -n1 | cut -d'"' -f2)
+
+# Detect library version
+IMB_VERSION = $(shell grep -e "IMB_VERSION_STR" $(IMB_HDR) | cut -d'"' -f2)
+IMB_VERSION_NUM = $(shell grep -e "IMB_VERSION_NUM" $(IMB_HDR) | cut -d' ' -f3)
+
+ifeq ($(IMB_VERSION),)
+$(error "IPSec_MB version >= 0.53 is required")
+endif
+
+ifeq ($(shell expr $(IMB_VERSION_NUM) \< 0x3400), 1)
+$(error "IPSec_MB version >= 0.53 is required")
+endif
+
 # library source files
 SRCS-$(CONFIG_RTE_LIBRTE_PMD_SNOW3G) += rte_snow3g_pmd.c
 SRCS-$(CONFIG_RTE_LIBRTE_PMD_SNOW3G) += rte_snow3g_pmd_ops.c
diff --git a/drivers/crypto/snow3g/meson.build b/drivers/crypto/snow3g/meson.build
index 0e8742a..9d93cbe 100644
--- a/drivers/crypto/snow3g/meson.build
+++ b/drivers/crypto/snow3g/meson.build
@@ -1,11 +1,22 @@
 # SPDX-License-Identifier: BSD-3-Clause
-# Copyright(c) 2019 Intel Corporation
+# Copyright(c) 2019-2020 Intel Corporation
 
-lib = cc.find_library('sso_snow3g', required: false)
-if not lib.found() or not cc.has_header('sso_snow3g.h')
+IMB_required_ver = '0.53.0'
+lib = cc.find_library('IPSec_MB', required: false)
+if not lib.found()
 	build = false
-	reason = 'missing dependency, "libsso_snow3g"'
-	subdir_done()
+	reason = 'missing dependency, "libIPSec_MB"'
+else
+	# version comes with quotes, so we split based on " and take the middle
+	imb_ver = cc.get_define('IMB_VERSION_STR',
+		prefix : '#include<intel-ipsec-mb.h>').split('"')[1]
+
+	if (imb_ver == '') or (imb_ver.version_compare('<' + IMB_required_ver))
+                reason = 'IPSec_MB version >= @0@ is required, found version @1@'.format(
+				IMB_required_ver, imb_ver)
+		build = false
+	endif
+
 endif
 
 allow_experimental_apis = true
diff --git a/drivers/crypto/snow3g/rte_snow3g_pmd.c b/drivers/crypto/snow3g/rte_snow3g_pmd.c
index 9d07e1a..d72112b 100644
--- a/drivers/crypto/snow3g/rte_snow3g_pmd.c
+++ b/drivers/crypto/snow3g/rte_snow3g_pmd.c
@@ -53,7 +53,7 @@ snow3g_get_mode(const struct rte_crypto_sym_xform *xform)
 
 /** Parse crypto xform chain and set private session parameters. */
 int
-snow3g_set_session_parameters(struct snow3g_session *sess,
+snow3g_set_session_parameters(MB_MGR *mgr, struct snow3g_session *sess,
 		const struct rte_crypto_sym_xform *xform)
 {
 	const struct rte_crypto_sym_xform *auth_xform = NULL;
@@ -84,8 +84,6 @@ snow3g_set_session_parameters(struct snow3g_session *sess,
 	}
 
 	if (cipher_xform) {
-		uint8_t cipher_key[SNOW3G_MAX_KEY_SIZE];
-
 		/* Only SNOW 3G UEA2 supported */
 		if (cipher_xform->cipher.algo != RTE_CRYPTO_CIPHER_SNOW3G_UEA2)
 			return -ENOTSUP;
@@ -102,14 +100,11 @@ snow3g_set_session_parameters(struct snow3g_session *sess,
 		sess->cipher_iv_offset = cipher_xform->cipher.iv.offset;
 
 		/* Initialize key */
-		memcpy(cipher_key, cipher_xform->cipher.key.data,
-				cipher_xform->cipher.key.length);
-		sso_snow3g_init_key_sched(cipher_key, &sess->pKeySched_cipher);
+		IMB_SNOW3G_INIT_KEY_SCHED(mgr, cipher_xform->cipher.key.data,
+					&sess->pKeySched_cipher);
 	}
 
 	if (auth_xform) {
-		uint8_t auth_key[SNOW3G_MAX_KEY_SIZE];
-
 		/* Only SNOW 3G UIA2 supported */
 		if (auth_xform->auth.algo != RTE_CRYPTO_AUTH_SNOW3G_UIA2)
 			return -ENOTSUP;
@@ -132,12 +127,10 @@ snow3g_set_session_parameters(struct snow3g_session *sess,
 		sess->auth_iv_offset = auth_xform->auth.iv.offset;
 
 		/* Initialize key */
-		memcpy(auth_key, auth_xform->auth.key.data,
-				auth_xform->auth.key.length);
-		sso_snow3g_init_key_sched(auth_key, &sess->pKeySched_hash);
+		IMB_SNOW3G_INIT_KEY_SCHED(mgr, auth_xform->auth.key.data,
+					&sess->pKeySched_hash);
 	}
 
-
 	sess->op = mode;
 
 	return 0;
@@ -168,7 +161,7 @@ snow3g_get_session(struct snow3g_qp *qp, struct rte_crypto_op *op)
 
 		sess = (struct snow3g_session *)_sess_private_data;
 
-		if (unlikely(snow3g_set_session_parameters(sess,
+		if (unlikely(snow3g_set_session_parameters(qp->mgr, sess,
 				op->sym->xform) != 0)) {
 			rte_mempool_put(qp->sess_mp, _sess);
 			rte_mempool_put(qp->sess_mp_priv, _sess_private_data);
@@ -188,14 +181,15 @@ snow3g_get_session(struct snow3g_qp *qp, struct rte_crypto_op *op)
 
 /** Encrypt/decrypt mbufs with same cipher key. */
 static uint8_t
-process_snow3g_cipher_op(struct rte_crypto_op **ops,
+process_snow3g_cipher_op(struct snow3g_qp *qp, struct rte_crypto_op **ops,
 		struct snow3g_session *session,
 		uint8_t num_ops)
 {
 	unsigned i;
 	uint8_t processed_ops = 0;
-	uint8_t *src[SNOW3G_MAX_BURST], *dst[SNOW3G_MAX_BURST];
-	uint8_t *iv[SNOW3G_MAX_BURST];
+	const void *src[SNOW3G_MAX_BURST];
+	void *dst[SNOW3G_MAX_BURST];
+	const void *iv[SNOW3G_MAX_BURST];
 	uint32_t num_bytes[SNOW3G_MAX_BURST];
 
 	for (i = 0; i < num_ops; i++) {
@@ -213,15 +207,16 @@ process_snow3g_cipher_op(struct rte_crypto_op **ops,
 		processed_ops++;
 	}
 
-	sso_snow3g_f8_n_buffer(&session->pKeySched_cipher, iv, src, dst,
-			num_bytes, processed_ops);
+	IMB_SNOW3G_F8_N_BUFFER(qp->mgr, &session->pKeySched_cipher, iv,
+			src, dst, num_bytes, processed_ops);
 
 	return processed_ops;
 }
 
 /** Encrypt/decrypt mbuf (bit level function). */
 static uint8_t
-process_snow3g_cipher_op_bit(struct rte_crypto_op *op,
+process_snow3g_cipher_op_bit(struct snow3g_qp *qp,
+		struct rte_crypto_op *op,
 		struct snow3g_session *session)
 {
 	uint8_t *src, *dst;
@@ -240,7 +235,7 @@ process_snow3g_cipher_op_bit(struct rte_crypto_op *op,
 				session->cipher_iv_offset);
 	length_in_bits = op->sym->cipher.data.length;
 
-	sso_snow3g_f8_1_buffer_bit(&session->pKeySched_cipher, iv,
+	IMB_SNOW3G_F8_1_BUFFER_BIT(qp->mgr, &session->pKeySched_cipher, iv,
 			src, dst, length_in_bits, offset_in_bits);
 
 	return 1;
@@ -276,9 +271,9 @@ process_snow3g_hash_op(struct snow3g_qp *qp, struct rte_crypto_op **ops,
 		if (session->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) {
 			dst = qp->temp_digest;
 
-			sso_snow3g_f9_1_buffer(&session->pKeySched_hash,
-					iv, src,
-					length_in_bits,	dst);
+			IMB_SNOW3G_F9_1_BUFFER(qp->mgr,
+					&session->pKeySched_hash,
+					iv, src, length_in_bits, dst);
 			/* Verify digest. */
 			if (memcmp(dst, ops[i]->sym->auth.digest.data,
 					SNOW3G_DIGEST_LENGTH) != 0)
@@ -286,9 +281,9 @@ process_snow3g_hash_op(struct snow3g_qp *qp, struct rte_crypto_op **ops,
 		} else  {
 			dst = ops[i]->sym->auth.digest.data;
 
-			sso_snow3g_f9_1_buffer(&session->pKeySched_hash,
-					iv, src,
-					length_in_bits, dst);
+			IMB_SNOW3G_F9_1_BUFFER(qp->mgr,
+					&session->pKeySched_hash,
+					iv, src, length_in_bits, dst);
 		}
 		processed_ops++;
 	}
@@ -322,7 +317,7 @@ process_ops(struct rte_crypto_op **ops, struct snow3g_session *session,
 
 	switch (session->op) {
 	case SNOW3G_OP_ONLY_CIPHER:
-		processed_ops = process_snow3g_cipher_op(ops,
+		processed_ops = process_snow3g_cipher_op(qp, ops,
 				session, num_ops);
 		break;
 	case SNOW3G_OP_ONLY_AUTH:
@@ -330,14 +325,14 @@ process_ops(struct rte_crypto_op **ops, struct snow3g_session *session,
 				num_ops);
 		break;
 	case SNOW3G_OP_CIPHER_AUTH:
-		processed_ops = process_snow3g_cipher_op(ops, session,
+		processed_ops = process_snow3g_cipher_op(qp, ops, session,
 				num_ops);
 		process_snow3g_hash_op(qp, ops, session, processed_ops);
 		break;
 	case SNOW3G_OP_AUTH_CIPHER:
 		processed_ops = process_snow3g_hash_op(qp, ops, session,
 				num_ops);
-		process_snow3g_cipher_op(ops, session, processed_ops);
+		process_snow3g_cipher_op(qp, ops, session, processed_ops);
 		break;
 	default:
 		/* Operation not supported. */
@@ -380,21 +375,21 @@ process_op_bit(struct rte_crypto_op *op, struct snow3g_session *session,
 
 	switch (session->op) {
 	case SNOW3G_OP_ONLY_CIPHER:
-		processed_op = process_snow3g_cipher_op_bit(op,
+		processed_op = process_snow3g_cipher_op_bit(qp, op,
 				session);
 		break;
 	case SNOW3G_OP_ONLY_AUTH:
 		processed_op = process_snow3g_hash_op(qp, &op, session, 1);
 		break;
 	case SNOW3G_OP_CIPHER_AUTH:
-		processed_op = process_snow3g_cipher_op_bit(op, session);
+		processed_op = process_snow3g_cipher_op_bit(qp, op, session);
 		if (processed_op == 1)
 			process_snow3g_hash_op(qp, &op, session, 1);
 		break;
 	case SNOW3G_OP_AUTH_CIPHER:
 		processed_op = process_snow3g_hash_op(qp, &op, session, 1);
 		if (processed_op == 1)
-			process_snow3g_cipher_op_bit(op, session);
+			process_snow3g_cipher_op_bit(qp, op, session);
 		break;
 	default:
 		/* Operation not supported. */
@@ -550,7 +545,7 @@ cryptodev_snow3g_create(const char *name,
 {
 	struct rte_cryptodev *dev;
 	struct snow3g_private *internals;
-	uint64_t cpu_flags = RTE_CRYPTODEV_FF_CPU_SSE;
+	MB_MGR *mgr;
 
 	dev = rte_cryptodev_pmd_create(name, &vdev->device, init_params);
 	if (dev == NULL) {
@@ -566,10 +561,25 @@ cryptodev_snow3g_create(const char *name,
 	dev->enqueue_burst = snow3g_pmd_enqueue_burst;
 
 	dev->feature_flags = RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO |
-			RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING |
-			cpu_flags;
+			RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING;
+
+	mgr = alloc_mb_mgr(0);
+	if (mgr == NULL)
+		return -ENOMEM;
+
+	if (rte_cpu_get_flag_enabled(RTE_CPUFLAG_AVX2)) {
+		dev->feature_flags |= RTE_CRYPTODEV_FF_CPU_AVX2;
+		init_mb_mgr_avx2(mgr);
+	} else if (rte_cpu_get_flag_enabled(RTE_CPUFLAG_AVX)) {
+		dev->feature_flags |= RTE_CRYPTODEV_FF_CPU_AVX;
+		init_mb_mgr_avx(mgr);
+	} else {
+		dev->feature_flags |= RTE_CRYPTODEV_FF_CPU_SSE;
+		init_mb_mgr_sse(mgr);
+	}
 
 	internals = dev->data->dev_private;
+	internals->mgr = mgr;
 
 	internals->max_nb_queue_pairs = init_params->max_nb_queue_pairs;
 
@@ -609,6 +619,7 @@ cryptodev_snow3g_remove(struct rte_vdev_device *vdev)
 {
 	struct rte_cryptodev *cryptodev;
 	const char *name;
+	struct snow3g_private *internals;
 
 	name = rte_vdev_device_name(vdev);
 	if (name == NULL)
@@ -618,6 +629,10 @@ cryptodev_snow3g_remove(struct rte_vdev_device *vdev)
 	if (cryptodev == NULL)
 		return -ENODEV;
 
+	internals = cryptodev->data->dev_private;
+
+	free_mb_mgr(internals->mgr);
+
 	return rte_cryptodev_pmd_destroy(cryptodev);
 }
 
diff --git a/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c b/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c
index 8778f28..ea76637 100644
--- a/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c
+++ b/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c
@@ -201,6 +201,7 @@ snow3g_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 		int socket_id)
 {
 	struct snow3g_qp *qp = NULL;
+	struct snow3g_private *internals = dev->data->dev_private;
 
 	/* Free memory prior to re-allocation if needed. */
 	if (dev->data->queue_pairs[qp_id] != NULL)
@@ -223,6 +224,7 @@ snow3g_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 	if (qp->processed_ops == NULL)
 		goto qp_setup_cleanup;
 
+	qp->mgr = internals->mgr;
 	qp->sess_mp = qp_conf->mp_session;
 	qp->sess_mp_priv = qp_conf->mp_session_private;
 
@@ -253,13 +255,14 @@ snow3g_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 
 /** Configure a SNOW 3G session from a crypto xform chain */
 static int
-snow3g_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
+snow3g_pmd_sym_session_configure(struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
 		struct rte_cryptodev_sym_session *sess,
 		struct rte_mempool *mempool)
 {
 	void *sess_private_data;
 	int ret;
+	struct snow3g_private *internals = dev->data->dev_private;
 
 	if (unlikely(sess == NULL)) {
 		SNOW3G_LOG(ERR, "invalid session struct");
@@ -272,7 +275,8 @@ snow3g_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 		return -ENOMEM;
 	}
 
-	ret = snow3g_set_session_parameters(sess_private_data, xform);
+	ret = snow3g_set_session_parameters(internals->mgr,
+					sess_private_data, xform);
 	if (ret != 0) {
 		SNOW3G_LOG(ERR, "failed configure session parameters");
 
diff --git a/drivers/crypto/snow3g/snow3g_pmd_private.h b/drivers/crypto/snow3g/snow3g_pmd_private.h
index 1fe05eb..2074f3d 100644
--- a/drivers/crypto/snow3g/snow3g_pmd_private.h
+++ b/drivers/crypto/snow3g/snow3g_pmd_private.h
@@ -1,11 +1,11 @@
 /* SPDX-License-Identifier: BSD-3-Clause
- * Copyright(c) 2016-2018 Intel Corporation
+ * Copyright(c) 2016-2019 Intel Corporation
  */
 
 #ifndef _SNOW3G_PMD_PRIVATE_H_
 #define _SNOW3G_PMD_PRIVATE_H_
 
-#include <sso_snow3g.h>
+#include <intel-ipsec-mb.h>
 
 #define CRYPTODEV_NAME_SNOW3G_PMD	crypto_snow3g
 /**< SNOW 3G PMD device name */
@@ -25,6 +25,8 @@ int snow3g_logtype_driver;
 struct snow3g_private {
 	unsigned max_nb_queue_pairs;
 	/**< Max number of queue pairs supported by device */
+	MB_MGR *mgr;
+	/**< Multi-buffer instance */
 };
 
 /** SNOW 3G buffer queue pair */
@@ -46,6 +48,8 @@ struct snow3g_qp {
 	 * by the driver when verifying a digest provided
 	 * by the user (using authentication verify operation)
 	 */
+	MB_MGR *mgr;
+	/**< Multi-buffer instance */
 } __rte_cache_aligned;
 
 enum snow3g_operation {
@@ -60,15 +64,15 @@ enum snow3g_operation {
 struct snow3g_session {
 	enum snow3g_operation op;
 	enum rte_crypto_auth_operation auth_op;
-	sso_snow3g_key_schedule_t pKeySched_cipher;
-	sso_snow3g_key_schedule_t pKeySched_hash;
+	snow3g_key_schedule_t pKeySched_cipher;
+	snow3g_key_schedule_t pKeySched_hash;
 	uint16_t cipher_iv_offset;
 	uint16_t auth_iv_offset;
 } __rte_cache_aligned;
 
 
 extern int
-snow3g_set_session_parameters(struct snow3g_session *sess,
+snow3g_set_session_parameters(MB_MGR *mgr, struct snow3g_session *sess,
 		const struct rte_crypto_sym_xform *xform);
 
 
diff --git a/mk/rte.app.mk b/mk/rte.app.mk
index a8163f1..8bf6b3d 100644
--- a/mk/rte.app.mk
+++ b/mk/rte.app.mk
@@ -268,7 +268,7 @@ _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_QAT_SYM)     += -lrte_pmd_qat -lcrypto
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_QAT_ASYM)    += -lrte_pmd_qat -lcrypto
 endif # CONFIG_RTE_LIBRTE_PMD_QAT
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_SNOW3G)      += -lrte_pmd_snow3g
-_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_SNOW3G)      += -L$(LIBSSO_SNOW3G_PATH)/build -lsso_snow3g
+_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_SNOW3G)      += -lIPSec_MB
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_KASUMI)      += -lrte_pmd_kasumi
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_KASUMI)      += -lIPSec_MB
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ZUC)         += -lrte_pmd_zuc
-- 
2.7.5


^ permalink raw reply	[flat|nested] 21+ messages in thread

* [dpdk-dev] [PATCH v4 0/3] Use Intel IPSec MB library in Wireless PMDs
  2020-01-16 11:41   ` [dpdk-dev] [PATCH v3 " Pablo de Lara
                       ` (2 preceding siblings ...)
  2020-01-16 11:41     ` [dpdk-dev] [PATCH v3 3/3] crypto/snow3g: " Pablo de Lara
@ 2020-01-20 11:47     ` Pablo de Lara
  2020-01-20 11:47       ` [dpdk-dev] [PATCH v4 1/3] crypto/zuc: use IPSec library Pablo de Lara
                         ` (3 more replies)
  3 siblings, 4 replies; 21+ messages in thread
From: Pablo de Lara @ 2020-01-20 11:47 UTC (permalink / raw)
  To: akhil.goyal, declan.doherty, bruce.richardson; +Cc: dev, Pablo de Lara

The three Intel SW Crypto PMDs supporting SNOW3G, ZUC and KASUMI link against libSSO libraries.
The Intel IPSec Multi-buffer library recently integrated the code from these libraries, in version v0.53.
This library can be downloaded from https://github.com/intel/intel-ipsec-mb.

KASUMI, SNOW3G and ZUC PMDs have been modified to use this single library,
which is already used in the AESNI MB and AESNI GCM PMDs,
reducing the number of external dependencies in the crypto PMDs.

Changes in v4:
- Rebased against latest dpdk-next-crypto

Changes in v3:
- Fixed clang compilation
- Added reason field in meson config files

Changes in v2:
- Updated ZUC PMD to support future AVX512 and AVX2 implementations.

Pablo de Lara (3):
  crypto/zuc: use IPSec library
  crypto/kasumi: use IPSec library
  crypto/snow3g: use IPSec library

 devtools/test-build.sh                     | 16 ++----
 doc/guides/cryptodevs/kasumi.rst           | 62 ++++++++++++----------
 doc/guides/cryptodevs/snow3g.rst           | 58 +++++++++++---------
 doc/guides/cryptodevs/zuc.rst              | 52 ++++++++++--------
 doc/guides/rel_notes/release_20_02.rst     | 17 ++++++
 drivers/crypto/kasumi/Makefile             | 26 +++++----
 drivers/crypto/kasumi/kasumi_pmd_private.h | 12 +++--
 drivers/crypto/kasumi/meson.build          | 21 ++++++--
 drivers/crypto/kasumi/rte_kasumi_pmd.c     | 79 +++++++++++++++------------
 drivers/crypto/kasumi/rte_kasumi_pmd_ops.c |  8 ++-
 drivers/crypto/snow3g/Makefile             | 29 ++++++----
 drivers/crypto/snow3g/meson.build          | 21 ++++++--
 drivers/crypto/snow3g/rte_snow3g_pmd.c     | 85 ++++++++++++++++++------------
 drivers/crypto/snow3g/rte_snow3g_pmd_ops.c |  8 ++-
 drivers/crypto/snow3g/snow3g_pmd_private.h | 14 +++--
 drivers/crypto/zuc/Makefile                | 28 ++++++----
 drivers/crypto/zuc/meson.build             | 21 ++++++--
 drivers/crypto/zuc/rte_zuc_pmd.c           | 58 ++++++++++++++------
 drivers/crypto/zuc/rte_zuc_pmd_ops.c       |  2 +
 drivers/crypto/zuc/zuc_pmd_private.h       |  6 ++-
 mk/rte.app.mk                              |  6 +--
 21 files changed, 394 insertions(+), 235 deletions(-)

-- 
2.7.5


^ permalink raw reply	[flat|nested] 21+ messages in thread

* [dpdk-dev] [PATCH v4 1/3] crypto/zuc: use IPSec library
  2020-01-20 11:47     ` [dpdk-dev] [PATCH v4 0/3] Use Intel IPSec MB library in Wireless PMDs Pablo de Lara
@ 2020-01-20 11:47       ` Pablo de Lara
  2020-01-20 11:47       ` [dpdk-dev] [PATCH v4 2/3] crypto/kasumi: " Pablo de Lara
                         ` (2 subsequent siblings)
  3 siblings, 0 replies; 21+ messages in thread
From: Pablo de Lara @ 2020-01-20 11:47 UTC (permalink / raw)
  To: akhil.goyal, declan.doherty, bruce.richardson; +Cc: dev, Pablo de Lara

Link against Intel IPSec Multi-buffer library, which
added support for ZUC-EEA3 and ZUC-EIA3 from version v0.53,
moving from libSSO ZUC library.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 devtools/test-build.sh                 |  6 ++--
 doc/guides/cryptodevs/zuc.rst          | 52 ++++++++++++++++++------------
 doc/guides/rel_notes/release_20_02.rst |  7 ++++
 drivers/crypto/zuc/Makefile            | 28 +++++++++-------
 drivers/crypto/zuc/meson.build         | 21 +++++++++---
 drivers/crypto/zuc/rte_zuc_pmd.c       | 58 ++++++++++++++++++++++++----------
 drivers/crypto/zuc/rte_zuc_pmd_ops.c   |  2 ++
 drivers/crypto/zuc/zuc_pmd_private.h   |  6 +++-
 mk/rte.app.mk                          |  2 +-
 9 files changed, 122 insertions(+), 60 deletions(-)

diff --git a/devtools/test-build.sh b/devtools/test-build.sh
index 52305fb..8135528 100755
--- a/devtools/test-build.sh
+++ b/devtools/test-build.sh
@@ -29,7 +29,6 @@ default_path=$PATH
 # - LIBMUSDK_PATH
 # - LIBSSO_SNOW3G_PATH
 # - LIBSSO_KASUMI_PATH
-# - LIBSSO_ZUC_PATH
 . $(dirname $(readlink -f $0))/load-devel-config
 
 print_usage () {
@@ -123,7 +122,6 @@ reset_env ()
 	unset LIBMUSDK_PATH
 	unset LIBSSO_SNOW3G_PATH
 	unset LIBSSO_KASUMI_PATH
-	unset LIBSSO_ZUC_PATH
 	unset PQOS_INSTALL_PATH
 }
 
@@ -183,12 +181,12 @@ config () # <directory> <target> <options>
 		sed -ri=""       's,(PMD_AESNI_MB=)n,\1y,' $1/.config
 		test "$DPDK_DEP_IPSEC_MB" != y || \
 		sed -ri=""      's,(PMD_AESNI_GCM=)n,\1y,' $1/.config
+		test "$DPDK_DEP_IPSEC_MB" != y || \
+		sed -ri=""            's,(PMD_ZUC=)n,\1y,' $1/.config
 		test -z "$LIBSSO_SNOW3G_PATH" || \
 		sed -ri=""         's,(PMD_SNOW3G=)n,\1y,' $1/.config
 		test -z "$LIBSSO_KASUMI_PATH" || \
 		sed -ri=""         's,(PMD_KASUMI=)n,\1y,' $1/.config
-		test -z "$LIBSSO_ZUC_PATH" || \
-		sed -ri=""            's,(PMD_ZUC=)n,\1y,' $1/.config
 		test "$DPDK_DEP_SSL" != y || \
 		sed -ri=""            's,(PMD_CCP=)n,\1y,' $1/.config
 		test "$DPDK_DEP_SSL" != y || \
diff --git a/doc/guides/cryptodevs/zuc.rst b/doc/guides/cryptodevs/zuc.rst
index 002e986..23d618d 100644
--- a/doc/guides/cryptodevs/zuc.rst
+++ b/doc/guides/cryptodevs/zuc.rst
@@ -1,12 +1,12 @@
 ..  SPDX-License-Identifier: BSD-3-Clause
-    Copyright(c) 2016 Intel Corporation.
+    Copyright(c) 2016-2019 Intel Corporation.
 
 ZUC Crypto Poll Mode Driver
 ===========================
 
-The ZUC PMD (**librte_pmd_zuc**) provides poll mode crypto driver
-support for utilizing Intel Libsso library, which implements F8 and F9 functions
-for ZUC EEA3 cipher and EIA3 hash algorithms.
+The ZUC PMD (**librte_pmd_zuc**) provides poll mode crypto driver support for
+utilizing `Intel IPSec Multi-buffer library <https://github.com/01org/intel-ipsec-mb>`_
+which implements F8 and F9 functions for ZUC EEA3 cipher and EIA3 hash algorithms.
 
 Features
 --------
@@ -27,36 +27,46 @@ Limitations
 * Chained mbufs are not supported.
 * ZUC (EIA3) supported only if hash offset field is byte-aligned.
 * ZUC (EEA3) supported only if cipher length, cipher offset fields are byte-aligned.
-* ZUC PMD cannot be built as a shared library, due to limitations in
-  the underlying library.
 
 
 Installation
 ------------
 
-To build DPDK with the ZUC_PMD the user is required to download
-the export controlled ``libsso_zuc`` library, by registering in
-`Intel Resource & Design Center <https://www.intel.com/content/www/us/en/design/resource-design-center.html>`_.
-Once approval has been granted, the user needs to search for
-*ZUC 128-EAA3 and 128-EIA3 3GPP cryptographic algorithms Software Library* to download the
-library or directly through this `link <https://cdrdv2.intel.com/v1/dl/getContent/575868>`_.
+To build DPDK with the ZUC_PMD the user is required to download the multi-buffer
+library from `here <https://github.com/01org/intel-ipsec-mb>`_
+and compile it on their user system before building DPDK.
+The latest version of the library supported by this PMD is v0.53, which
+can be downloaded from `<https://github.com/01org/intel-ipsec-mb/archive/v0.53.zip>`_.
+
 After downloading the library, the user needs to unpack and compile it
-on their system before building DPDK::
+on their system before building DPDK:
+
+.. code-block:: console
+
+    make
+    make install
+
+As a reference, the following table shows a mapping between the past DPDK versions
+and the external crypto libraries supported by them:
+
+.. _table_zuc_versions:
+
+.. table:: DPDK and external crypto library version compatibility
+
+   =============  ================================
+   DPDK version   Crypto library version
+   =============  ================================
+   16.11 - 19.11  LibSSO ZUC
+   20.02+         Multi-buffer library 0.53
+   =============  ================================
 
-   make
 
 Initialization
 --------------
 
 In order to enable this virtual crypto PMD, user must:
 
-* Export the environmental variable LIBSSO_ZUC_PATH with the path where
-  the library was extracted (zuc folder).
-
-* Export the environmental variable LD_LIBRARY_PATH with the path
-  where the built libsso library is (LIBSSO_ZUC_PATH/build).
-
-* Build the LIBSSO_ZUC library (explained in Installation section).
+* Build the multi buffer library (explained in Installation section).
 
 * Build DPDK as follows:
 
diff --git a/doc/guides/rel_notes/release_20_02.rst b/doc/guides/rel_notes/release_20_02.rst
index a7a8288..ef4d968 100644
--- a/doc/guides/rel_notes/release_20_02.rst
+++ b/doc/guides/rel_notes/release_20_02.rst
@@ -132,6 +132,13 @@ New Features
 
   Added Chacha20-Poly1305 AEAD algorithm.
 
+* **Updated the ZUC PMD.**
+
+  * Transistioned underlying library from libSSO ZUC to intel-ipsec-mb
+    library (minimum version required 0.53).
+  * Removed dynamic library limitation, so PMD can be built as a shared
+    object now.
+
 
 Removed Items
 -------------
diff --git a/drivers/crypto/zuc/Makefile b/drivers/crypto/zuc/Makefile
index a01bb6e..b50883b 100644
--- a/drivers/crypto/zuc/Makefile
+++ b/drivers/crypto/zuc/Makefile
@@ -1,14 +1,8 @@
 # SPDX-License-Identifier: BSD-3-Clause
-# Copyright(c) 2016 Intel Corporation
+# Copyright(c) 2016-2019 Intel Corporation
 
 include $(RTE_SDK)/mk/rte.vars.mk
 
-ifneq ($(MAKECMDGOALS),clean)
-ifeq ($(LIBSSO_ZUC_PATH),)
-$(error "Please define LIBSSO_ZUC_PATH environment variable")
-endif
-endif
-
 # library name
 LIB = librte_pmd_zuc.a
 
@@ -21,14 +15,26 @@ CFLAGS += -DALLOW_EXPERIMENTAL_API
 EXPORT_MAP := rte_pmd_zuc_version.map
 
 # external library dependencies
-CFLAGS += -I$(LIBSSO_ZUC_PATH)
-CFLAGS += -I$(LIBSSO_ZUC_PATH)/include
-CFLAGS += -I$(LIBSSO_ZUC_PATH)/build
-LDLIBS += -L$(LIBSSO_ZUC_PATH)/build -lsso_zuc
+LDLIBS += -lIPSec_MB
 LDLIBS += -lrte_eal -lrte_mbuf -lrte_mempool -lrte_ring
 LDLIBS += -lrte_cryptodev
 LDLIBS += -lrte_bus_vdev
 
+IMB_HDR = $(shell echo '\#include <intel-ipsec-mb.h>' | \
+	$(CC) -E $(EXTRA_CFLAGS) - | grep 'intel-ipsec-mb.h' | \
+	head -n1 | cut -d'"' -f2)
+
+# Detect library version
+IMB_VERSION = $(shell grep -e "IMB_VERSION_STR" $(IMB_HDR) | cut -d'"' -f2)
+IMB_VERSION_NUM = $(shell grep -e "IMB_VERSION_NUM" $(IMB_HDR) | cut -d' ' -f3)
+
+ifeq ($(IMB_VERSION),)
+$(error "IPSec_MB version >= 0.53 is required")
+endif
+
+ifeq ($(shell expr $(IMB_VERSION_NUM) \< 0x3400), 1)
+$(error "IPSec_MB version >= 0.53 is required")
+endif
 # library source files
 SRCS-$(CONFIG_RTE_LIBRTE_PMD_ZUC) += rte_zuc_pmd.c
 SRCS-$(CONFIG_RTE_LIBRTE_PMD_ZUC) += rte_zuc_pmd_ops.c
diff --git a/drivers/crypto/zuc/meson.build b/drivers/crypto/zuc/meson.build
index b231de0..be3824c 100644
--- a/drivers/crypto/zuc/meson.build
+++ b/drivers/crypto/zuc/meson.build
@@ -1,11 +1,22 @@
 # SPDX-License-Identifier: BSD-3-Clause
-# Copyright(c) 2018 Intel Corporation
+# Copyright(c) 2018-2020 Intel Corporation
 
-lib = cc.find_library('sso_zuc', required: false)
-if not lib.found() or not cc.has_header('sso_zuc.h')
+IMB_required_ver = '0.53.0'
+lib = cc.find_library('IPSec_MB', required: false)
+if not lib.found()
 	build = false
-	reason = 'missing dependency, "libsso_zuc"'
-	subdir_done()
+	reason = 'missing dependency, "libIPSec_MB"'
+else
+	# version comes with quotes, so we split based on " and take the middle
+	imb_ver = cc.get_define('IMB_VERSION_STR',
+		prefix : '#include<intel-ipsec-mb.h>').split('"')[1]
+
+	if (imb_ver == '') or (imb_ver.version_compare('<' + IMB_required_ver))
+		reason = 'IPSec_MB version >= @0@ is required, found version @1@'.format(
+				IMB_required_ver, imb_ver)
+		build = false
+	endif
+
 endif
 
 allow_experimental_apis = true
diff --git a/drivers/crypto/zuc/rte_zuc_pmd.c b/drivers/crypto/zuc/rte_zuc_pmd.c
index 8e214cd..9e06ab7 100644
--- a/drivers/crypto/zuc/rte_zuc_pmd.c
+++ b/drivers/crypto/zuc/rte_zuc_pmd.c
@@ -11,7 +11,7 @@
 #include <rte_cpuflags.h>
 
 #include "zuc_pmd_private.h"
-#define ZUC_MAX_BURST 4
+#define ZUC_MAX_BURST 16
 #define BYTE_LEN 8
 
 static uint8_t cryptodev_driver_id;
@@ -170,16 +170,17 @@ zuc_get_session(struct zuc_qp *qp, struct rte_crypto_op *op)
 
 /** Encrypt/decrypt mbufs. */
 static uint8_t
-process_zuc_cipher_op(struct rte_crypto_op **ops,
+process_zuc_cipher_op(struct zuc_qp *qp, struct rte_crypto_op **ops,
 		struct zuc_session **sessions,
 		uint8_t num_ops)
 {
 	unsigned i;
 	uint8_t processed_ops = 0;
-	uint8_t *src[ZUC_MAX_BURST], *dst[ZUC_MAX_BURST];
-	uint8_t *iv[ZUC_MAX_BURST];
+	const void *src[ZUC_MAX_BURST];
+	void *dst[ZUC_MAX_BURST];
+	const void *iv[ZUC_MAX_BURST];
 	uint32_t num_bytes[ZUC_MAX_BURST];
-	uint8_t *cipher_keys[ZUC_MAX_BURST];
+	const void *cipher_keys[ZUC_MAX_BURST];
 	struct zuc_session *sess;
 
 	for (i = 0; i < num_ops; i++) {
@@ -222,7 +223,8 @@ process_zuc_cipher_op(struct rte_crypto_op **ops,
 		processed_ops++;
 	}
 
-	sso_zuc_eea3_n_buffer(cipher_keys, iv, src, dst,
+	IMB_ZUC_EEA3_N_BUFFER(qp->mb_mgr, (const void **)cipher_keys,
+			(const void **)iv, (const void **)src, (void **)dst,
 			num_bytes, processed_ops);
 
 	return processed_ops;
@@ -262,7 +264,7 @@ process_zuc_hash_op(struct zuc_qp *qp, struct rte_crypto_op **ops,
 		if (sess->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) {
 			dst = (uint32_t *)qp->temp_digest;
 
-			sso_zuc_eia3_1_buffer(sess->pKey_hash,
+			IMB_ZUC_EIA3_1_BUFFER(qp->mb_mgr, sess->pKey_hash,
 					iv, src,
 					length_in_bits,	dst);
 			/* Verify digest. */
@@ -272,7 +274,7 @@ process_zuc_hash_op(struct zuc_qp *qp, struct rte_crypto_op **ops,
 		} else  {
 			dst = (uint32_t *)ops[i]->sym->auth.digest.data;
 
-			sso_zuc_eia3_1_buffer(sess->pKey_hash,
+			IMB_ZUC_EIA3_1_BUFFER(qp->mb_mgr, sess->pKey_hash,
 					iv, src,
 					length_in_bits, dst);
 		}
@@ -294,7 +296,7 @@ process_ops(struct rte_crypto_op **ops, enum zuc_operation op_type,
 
 	switch (op_type) {
 	case ZUC_OP_ONLY_CIPHER:
-		processed_ops = process_zuc_cipher_op(ops,
+		processed_ops = process_zuc_cipher_op(qp, ops,
 				sessions, num_ops);
 		break;
 	case ZUC_OP_ONLY_AUTH:
@@ -302,14 +304,14 @@ process_ops(struct rte_crypto_op **ops, enum zuc_operation op_type,
 				num_ops);
 		break;
 	case ZUC_OP_CIPHER_AUTH:
-		processed_ops = process_zuc_cipher_op(ops, sessions,
+		processed_ops = process_zuc_cipher_op(qp, ops, sessions,
 				num_ops);
 		process_zuc_hash_op(qp, ops, sessions, processed_ops);
 		break;
 	case ZUC_OP_AUTH_CIPHER:
 		processed_ops = process_zuc_hash_op(qp, ops, sessions,
 				num_ops);
-		process_zuc_cipher_op(ops, sessions, processed_ops);
+		process_zuc_cipher_op(qp, ops, sessions, processed_ops);
 		break;
 	default:
 		/* Operation not supported. */
@@ -457,8 +459,7 @@ cryptodev_zuc_create(const char *name,
 {
 	struct rte_cryptodev *dev;
 	struct zuc_private *internals;
-	uint64_t cpu_flags = RTE_CRYPTODEV_FF_CPU_SSE;
-
+	MB_MGR *mb_mgr;
 
 	dev = rte_cryptodev_pmd_create(name, &vdev->device, init_params);
 	if (dev == NULL) {
@@ -466,6 +467,27 @@ cryptodev_zuc_create(const char *name,
 		goto init_error;
 	}
 
+	dev->feature_flags = RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO |
+			RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING;
+
+	mb_mgr = alloc_mb_mgr(0);
+	if (mb_mgr == NULL)
+		return -ENOMEM;
+
+	if (rte_cpu_get_flag_enabled(RTE_CPUFLAG_AVX512F)) {
+		dev->feature_flags |= RTE_CRYPTODEV_FF_CPU_AVX512;
+		init_mb_mgr_avx512(mb_mgr);
+	} else if (rte_cpu_get_flag_enabled(RTE_CPUFLAG_AVX2)) {
+		dev->feature_flags |= RTE_CRYPTODEV_FF_CPU_AVX2;
+		init_mb_mgr_avx2(mb_mgr);
+	} else if (rte_cpu_get_flag_enabled(RTE_CPUFLAG_AVX)) {
+		dev->feature_flags |= RTE_CRYPTODEV_FF_CPU_AVX;
+		init_mb_mgr_avx(mb_mgr);
+	} else {
+		dev->feature_flags |= RTE_CRYPTODEV_FF_CPU_SSE;
+		init_mb_mgr_sse(mb_mgr);
+	}
+
 	dev->driver_id = cryptodev_driver_id;
 	dev->dev_ops = rte_zuc_pmd_ops;
 
@@ -473,11 +495,8 @@ cryptodev_zuc_create(const char *name,
 	dev->dequeue_burst = zuc_pmd_dequeue_burst;
 	dev->enqueue_burst = zuc_pmd_enqueue_burst;
 
-	dev->feature_flags = RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO |
-			RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING |
-			cpu_flags;
-
 	internals = dev->data->dev_private;
+	internals->mb_mgr = mb_mgr;
 
 	internals->max_nb_queue_pairs = init_params->max_nb_queue_pairs;
 
@@ -518,6 +537,7 @@ cryptodev_zuc_remove(struct rte_vdev_device *vdev)
 
 	struct rte_cryptodev *cryptodev;
 	const char *name;
+	struct zuc_private *internals;
 
 	name = rte_vdev_device_name(vdev);
 	if (name == NULL)
@@ -527,6 +547,10 @@ cryptodev_zuc_remove(struct rte_vdev_device *vdev)
 	if (cryptodev == NULL)
 		return -ENODEV;
 
+	internals = cryptodev->data->dev_private;
+
+	free_mb_mgr(internals->mb_mgr);
+
 	return rte_cryptodev_pmd_destroy(cryptodev);
 }
 
diff --git a/drivers/crypto/zuc/rte_zuc_pmd_ops.c b/drivers/crypto/zuc/rte_zuc_pmd_ops.c
index 62f8c6c..ddd0f92 100644
--- a/drivers/crypto/zuc/rte_zuc_pmd_ops.c
+++ b/drivers/crypto/zuc/rte_zuc_pmd_ops.c
@@ -201,6 +201,7 @@ zuc_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 		int socket_id)
 {
 	struct zuc_qp *qp = NULL;
+	struct zuc_private *internals = dev->data->dev_private;
 
 	/* Free memory prior to re-allocation if needed. */
 	if (dev->data->queue_pairs[qp_id] != NULL)
@@ -223,6 +224,7 @@ zuc_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 	if (qp->processed_ops == NULL)
 		goto qp_setup_cleanup;
 
+	qp->mb_mgr = internals->mb_mgr;
 	qp->sess_mp = qp_conf->mp_session;
 	qp->sess_mp_priv = qp_conf->mp_session_private;
 
diff --git a/drivers/crypto/zuc/zuc_pmd_private.h b/drivers/crypto/zuc/zuc_pmd_private.h
index 428efd4..47a8b08 100644
--- a/drivers/crypto/zuc/zuc_pmd_private.h
+++ b/drivers/crypto/zuc/zuc_pmd_private.h
@@ -5,7 +5,7 @@
 #ifndef _ZUC_PMD_PRIVATE_H_
 #define _ZUC_PMD_PRIVATE_H_
 
-#include <sso_zuc.h>
+#include <intel-ipsec-mb.h>
 
 #define CRYPTODEV_NAME_ZUC_PMD		crypto_zuc
 /**< KASUMI PMD device name */
@@ -24,6 +24,8 @@ int zuc_logtype_driver;
 struct zuc_private {
 	unsigned max_nb_queue_pairs;
 	/**< Max number of queue pairs supported by device */
+	MB_MGR *mb_mgr;
+	/**< Multi-buffer instance */
 };
 
 /** ZUC buffer queue pair */
@@ -45,6 +47,8 @@ struct zuc_qp {
 	 * by the driver when verifying a digest provided
 	 * by the user (using authentication verify operation)
 	 */
+	MB_MGR *mb_mgr;
+	/**< Multi-buffer instance */
 } __rte_cache_aligned;
 
 enum zuc_operation {
diff --git a/mk/rte.app.mk b/mk/rte.app.mk
index 597d6f6..b1c1dbd 100644
--- a/mk/rte.app.mk
+++ b/mk/rte.app.mk
@@ -276,7 +276,7 @@ _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_SNOW3G)      += -L$(LIBSSO_SNOW3G_PATH)/build -l
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_KASUMI)      += -lrte_pmd_kasumi
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_KASUMI)      += -L$(LIBSSO_KASUMI_PATH)/build -lsso_kasumi
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ZUC)         += -lrte_pmd_zuc
-_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ZUC)         += -L$(LIBSSO_ZUC_PATH)/build -lsso_zuc
+_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ZUC)         += -lIPSec_MB
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ARMV8_CRYPTO)    += -lrte_pmd_armv8
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ARMV8_CRYPTO)    += -L$(ARMV8_CRYPTO_LIB_PATH) -larmv8_crypto
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_MVSAM_CRYPTO) += -L$(LIBMUSDK_PATH)/lib -lrte_pmd_mvsam_crypto -lmusdk
-- 
2.7.5


^ permalink raw reply	[flat|nested] 21+ messages in thread

* [dpdk-dev] [PATCH v4 2/3] crypto/kasumi: use IPSec library
  2020-01-20 11:47     ` [dpdk-dev] [PATCH v4 0/3] Use Intel IPSec MB library in Wireless PMDs Pablo de Lara
  2020-01-20 11:47       ` [dpdk-dev] [PATCH v4 1/3] crypto/zuc: use IPSec library Pablo de Lara
@ 2020-01-20 11:47       ` Pablo de Lara
  2020-01-20 11:47       ` [dpdk-dev] [PATCH v4 3/3] crypto/snow3g: " Pablo de Lara
  2020-01-21 10:22       ` [dpdk-dev] [PATCH v4 0/3] Use Intel IPSec MB library in Wireless PMDs Akhil Goyal
  3 siblings, 0 replies; 21+ messages in thread
From: Pablo de Lara @ 2020-01-20 11:47 UTC (permalink / raw)
  To: akhil.goyal, declan.doherty, bruce.richardson; +Cc: dev, Pablo de Lara

Link against Intel IPSec Multi-buffer library, which
added support for KASUMI-F8 and KASUMI-F9 from version v0.53,
moving from libSSO KASUMI library.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 devtools/test-build.sh                     |  6 +--
 doc/guides/cryptodevs/kasumi.rst           | 62 ++++++++++++-----------
 doc/guides/rel_notes/release_20_02.rst     |  5 ++
 drivers/crypto/kasumi/Makefile             | 26 ++++++----
 drivers/crypto/kasumi/kasumi_pmd_private.h | 12 +++--
 drivers/crypto/kasumi/meson.build          | 21 ++++++--
 drivers/crypto/kasumi/rte_kasumi_pmd.c     | 79 +++++++++++++++++-------------
 drivers/crypto/kasumi/rte_kasumi_pmd_ops.c |  8 ++-
 mk/rte.app.mk                              |  2 +-
 9 files changed, 132 insertions(+), 89 deletions(-)

diff --git a/devtools/test-build.sh b/devtools/test-build.sh
index 8135528..bfbc88b 100755
--- a/devtools/test-build.sh
+++ b/devtools/test-build.sh
@@ -28,7 +28,6 @@ default_path=$PATH
 # - FLEXRAN_SDK
 # - LIBMUSDK_PATH
 # - LIBSSO_SNOW3G_PATH
-# - LIBSSO_KASUMI_PATH
 . $(dirname $(readlink -f $0))/load-devel-config
 
 print_usage () {
@@ -121,7 +120,6 @@ reset_env ()
 	unset FLEXRAN_SDK
 	unset LIBMUSDK_PATH
 	unset LIBSSO_SNOW3G_PATH
-	unset LIBSSO_KASUMI_PATH
 	unset PQOS_INSTALL_PATH
 }
 
@@ -183,10 +181,10 @@ config () # <directory> <target> <options>
 		sed -ri=""      's,(PMD_AESNI_GCM=)n,\1y,' $1/.config
 		test "$DPDK_DEP_IPSEC_MB" != y || \
 		sed -ri=""            's,(PMD_ZUC=)n,\1y,' $1/.config
+		test "$DPDK_DEP_IPSEC_MB" != y || \
+		sed -ri=""         's,(PMD_KASUMI=)n,\1y,' $1/.config
 		test -z "$LIBSSO_SNOW3G_PATH" || \
 		sed -ri=""         's,(PMD_SNOW3G=)n,\1y,' $1/.config
-		test -z "$LIBSSO_KASUMI_PATH" || \
-		sed -ri=""         's,(PMD_KASUMI=)n,\1y,' $1/.config
 		test "$DPDK_DEP_SSL" != y || \
 		sed -ri=""            's,(PMD_CCP=)n,\1y,' $1/.config
 		test "$DPDK_DEP_SSL" != y || \
diff --git a/doc/guides/cryptodevs/kasumi.rst b/doc/guides/cryptodevs/kasumi.rst
index 2265eee..6c86fe2 100644
--- a/doc/guides/cryptodevs/kasumi.rst
+++ b/doc/guides/cryptodevs/kasumi.rst
@@ -1,12 +1,12 @@
 ..  SPDX-License-Identifier: BSD-3-Clause
-    Copyright(c) 2016 Intel Corporation.
+    Copyright(c) 2016-2019 Intel Corporation.
 
 KASUMI Crypto Poll Mode Driver
 ===============================
 
-The KASUMI PMD (**librte_pmd_kasumi**) provides poll mode crypto driver
-support for utilizing Intel Libsso library, which implements F8 and F9 functions
-for KASUMI UEA1 cipher and UIA1 hash algorithms.
+The KASUMI PMD (**librte_pmd_kasumi**) provides poll mode crypto driver support for
+utilizing `Intel IPSec Multi-buffer library <https://github.com/01org/intel-ipsec-mb>`_
+which implements F8 and F9 functions for KASUMI UEA1 cipher and UIA1 hash algorithms.
 
 Features
 --------
@@ -33,33 +33,33 @@ Limitations
 Installation
 ------------
 
-To build DPDK with the KASUMI_PMD the user is required to download
-the export controlled ``libsso_kasumi`` library, by registering in
-`Intel Resource & Design Center <https://www.intel.com/content/www/us/en/design/resource-design-center.html>`_.
-Once approval has been granted, the user needs to search for
-*Kasumi F8 F9 3GPP cryptographic algorithms Software Library* to download the
-library or directly through this `link <https://cdrdv2.intel.com/v1/dl/getContent/575866>`_.
+To build DPDK with the KASUMI_PMD the user is required to download the multi-buffer
+library from `here <https://github.com/01org/intel-ipsec-mb>`_
+and compile it on their user system before building DPDK.
+The latest version of the library supported by this PMD is v0.53, which
+can be downloaded from `<https://github.com/01org/intel-ipsec-mb/archive/v0.53.zip>`_.
+
 After downloading the library, the user needs to unpack and compile it
-on their system before building DPDK::
+on their system before building DPDK:
+
+.. code-block:: console
 
-   make
+    make
+    make install
 
-**Note**: When encrypting with KASUMI F8, by default the library
-encrypts full blocks of 8 bytes, regardless the number of bytes to
-be encrypted provided (which leads to a possible buffer overflow).
-To avoid this situation, it is necessary not to pass
-3GPP_SAFE_BUFFERS as a compilation flag.
-Also, this is required when using chained operations
-(cipher-then-auth/auth-then-cipher).
-For this, in the Makefile of the library, make sure that this flag
-is commented out::
+As a reference, the following table shows a mapping between the past DPDK versions
+and the external crypto libraries supported by them:
 
-  #EXTRA_CFLAGS  += -D_3GPP_SAFE_BUFFERS
+.. _table_kasumi_versions:
 
-**Note**: To build the PMD as a shared library, the libsso_kasumi
-library must be built as follows::
+.. table:: DPDK and external crypto library version compatibility
 
-  make KASUMI_CFLAGS=-DKASUMI_C
+   =============  ================================
+   DPDK version   Crypto library version
+   =============  ================================
+   16.11 - 19.11  LibSSO KASUMI
+   20.02+         Multi-buffer library 0.53
+   =============  ================================
 
 
 Initialization
@@ -67,12 +67,16 @@ Initialization
 
 In order to enable this virtual crypto PMD, user must:
 
-* Export the environmental variable LIBSSO_KASUMI_PATH with the path where
-  the library was extracted (kasumi folder).
+* Build the multi buffer library (explained in Installation section).
+
+* Build DPDK as follows:
+
+.. code-block:: console
 
-* Build the LIBSSO library (explained in Installation section).
+	make config T=x86_64-native-linux-gcc
+	sed -i 's,\(CONFIG_RTE_LIBRTE_PMD_KASUMI\)=n,\1=y,' build/.config
+	make
 
-* Set CONFIG_RTE_LIBRTE_PMD_KASUMI=y in config/common_base.
 
 To use the PMD in an application, user must:
 
diff --git a/doc/guides/rel_notes/release_20_02.rst b/doc/guides/rel_notes/release_20_02.rst
index ef4d968..9db5818 100644
--- a/doc/guides/rel_notes/release_20_02.rst
+++ b/doc/guides/rel_notes/release_20_02.rst
@@ -139,6 +139,11 @@ New Features
   * Removed dynamic library limitation, so PMD can be built as a shared
     object now.
 
+* **Updated the KASUMI PMD.**
+
+  * Transistioned underlying library from libSSO KASUMI to intel-ipsec-mb
+    library (minimum version required 0.53).
+
 
 Removed Items
 -------------
diff --git a/drivers/crypto/kasumi/Makefile b/drivers/crypto/kasumi/Makefile
index 26f5137..c94d6bd 100644
--- a/drivers/crypto/kasumi/Makefile
+++ b/drivers/crypto/kasumi/Makefile
@@ -3,12 +3,6 @@
 
 include $(RTE_SDK)/mk/rte.vars.mk
 
-ifneq ($(MAKECMDGOALS),clean)
-ifeq ($(LIBSSO_KASUMI_PATH),)
-$(error "Please define LIBSSO_KASUMI_PATH environment variable")
-endif
-endif
-
 # library name
 LIB = librte_pmd_kasumi.a
 
@@ -21,14 +15,26 @@ CFLAGS += -DALLOW_EXPERIMENTAL_API
 EXPORT_MAP := rte_pmd_kasumi_version.map
 
 # external library dependencies
-CFLAGS += -I$(LIBSSO_KASUMI_PATH)
-CFLAGS += -I$(LIBSSO_KASUMI_PATH)/include
-CFLAGS += -I$(LIBSSO_KASUMI_PATH)/build
-LDLIBS += -L$(LIBSSO_KASUMI_PATH)/build -lsso_kasumi
+LDLIBS += -lIPSec_MB
 LDLIBS += -lrte_eal -lrte_mbuf -lrte_mempool -lrte_ring
 LDLIBS += -lrte_cryptodev
 LDLIBS += -lrte_bus_vdev
 
+IMB_HDR = $(shell echo '\#include <intel-ipsec-mb.h>' | \
+	$(CC) -E $(EXTRA_CFLAGS) - | grep 'intel-ipsec-mb.h' | \
+	head -n1 | cut -d'"' -f2)
+
+# Detect library version
+IMB_VERSION = $(shell grep -e "IMB_VERSION_STR" $(IMB_HDR) | cut -d'"' -f2)
+IMB_VERSION_NUM = $(shell grep -e "IMB_VERSION_NUM" $(IMB_HDR) | cut -d' ' -f3)
+
+ifeq ($(IMB_VERSION),)
+$(error "IPSec_MB version >= 0.53 is required")
+endif
+
+ifeq ($(shell expr $(IMB_VERSION_NUM) \< 0x3400), 1)
+$(error "IPSec_MB version >= 0.53 is required")
+endif
 # library source files
 SRCS-$(CONFIG_RTE_LIBRTE_PMD_KASUMI) += rte_kasumi_pmd.c
 SRCS-$(CONFIG_RTE_LIBRTE_PMD_KASUMI) += rte_kasumi_pmd_ops.c
diff --git a/drivers/crypto/kasumi/kasumi_pmd_private.h b/drivers/crypto/kasumi/kasumi_pmd_private.h
index 7ac19c5..3b3a695 100644
--- a/drivers/crypto/kasumi/kasumi_pmd_private.h
+++ b/drivers/crypto/kasumi/kasumi_pmd_private.h
@@ -5,7 +5,7 @@
 #ifndef _KASUMI_PMD_PRIVATE_H_
 #define _KASUMI_PMD_PRIVATE_H_
 
-#include <sso_kasumi.h>
+#include <intel-ipsec-mb.h>
 
 #define CRYPTODEV_NAME_KASUMI_PMD	crypto_kasumi
 /**< KASUMI PMD device name */
@@ -24,6 +24,8 @@ int kasumi_logtype_driver;
 struct kasumi_private {
 	unsigned max_nb_queue_pairs;
 	/**< Max number of queue pairs supported by device */
+	MB_MGR *mgr;
+	/**< Multi-buffer instance */
 };
 
 /** KASUMI buffer queue pair */
@@ -45,6 +47,8 @@ struct kasumi_qp {
 	 * by the driver when verifying a digest provided
 	 * by the user (using authentication verify operation)
 	 */
+	MB_MGR *mgr;
+	/**< Multi-buffer instance */
 } __rte_cache_aligned;
 
 enum kasumi_operation {
@@ -58,8 +62,8 @@ enum kasumi_operation {
 /** KASUMI private session structure */
 struct kasumi_session {
 	/* Keys have to be 16-byte aligned */
-	sso_kasumi_key_sched_t pKeySched_cipher;
-	sso_kasumi_key_sched_t pKeySched_hash;
+	kasumi_key_sched_t pKeySched_cipher;
+	kasumi_key_sched_t pKeySched_hash;
 	enum kasumi_operation op;
 	enum rte_crypto_auth_operation auth_op;
 	uint16_t cipher_iv_offset;
@@ -67,7 +71,7 @@ struct kasumi_session {
 
 
 int
-kasumi_set_session_parameters(struct kasumi_session *sess,
+kasumi_set_session_parameters(MB_MGR *mgr, struct kasumi_session *sess,
 		const struct rte_crypto_sym_xform *xform);
 
 
diff --git a/drivers/crypto/kasumi/meson.build b/drivers/crypto/kasumi/meson.build
index 90a3c4f..7350f41 100644
--- a/drivers/crypto/kasumi/meson.build
+++ b/drivers/crypto/kasumi/meson.build
@@ -1,11 +1,22 @@
 # SPDX-License-Identifier: BSD-3-Clause
-# Copyright(c) 2018 Intel Corporation
+# Copyright(c) 2018-2020 Intel Corporation
 
-lib = cc.find_library('sso_kasumi', required: false)
-if not lib.found() or not cc.has_header('sso_kasumi.h')
+IMB_required_ver = '0.53.0'
+lib = cc.find_library('IPSec_MB', required: false)
+if not lib.found()
 	build = false
-	reason = 'missing dependency, "libsso_kasumi"'
-	subdir_done()
+	reason = 'missing dependency, "libIPSec_MB"'
+else
+	# version comes with quotes, so we split based on " and take the middle
+	imb_ver = cc.get_define('IMB_VERSION_STR',
+		prefix : '#include<intel-ipsec-mb.h>').split('"')[1]
+
+	if (imb_ver == '') or (imb_ver.version_compare('<' + IMB_required_ver))
+		reason = 'IPSec_MB version >= @0@ is required, found version @1@'.format(
+				IMB_required_ver, imb_ver)
+		build = false
+	endif
+
 endif
 
 allow_experimental_apis = true
diff --git a/drivers/crypto/kasumi/rte_kasumi_pmd.c b/drivers/crypto/kasumi/rte_kasumi_pmd.c
index d0583ef..baad5b4 100644
--- a/drivers/crypto/kasumi/rte_kasumi_pmd.c
+++ b/drivers/crypto/kasumi/rte_kasumi_pmd.c
@@ -54,7 +54,7 @@ kasumi_get_mode(const struct rte_crypto_sym_xform *xform)
 
 /** Parse crypto xform chain and set private session parameters. */
 int
-kasumi_set_session_parameters(struct kasumi_session *sess,
+kasumi_set_session_parameters(MB_MGR *mgr, struct kasumi_session *sess,
 		const struct rte_crypto_sym_xform *xform)
 {
 	const struct rte_crypto_sym_xform *auth_xform = NULL;
@@ -97,7 +97,7 @@ kasumi_set_session_parameters(struct kasumi_session *sess,
 		}
 
 		/* Initialize key */
-		sso_kasumi_init_f8_key_sched(cipher_xform->cipher.key.data,
+		IMB_KASUMI_INIT_F8_KEY_SCHED(mgr, cipher_xform->cipher.key.data,
 				&sess->pKeySched_cipher);
 	}
 
@@ -116,7 +116,7 @@ kasumi_set_session_parameters(struct kasumi_session *sess,
 		sess->auth_op = auth_xform->auth.op;
 
 		/* Initialize key */
-		sso_kasumi_init_f9_key_sched(auth_xform->auth.key.data,
+		IMB_KASUMI_INIT_F9_KEY_SCHED(mgr, auth_xform->auth.key.data,
 				&sess->pKeySched_hash);
 	}
 
@@ -151,7 +151,7 @@ kasumi_get_session(struct kasumi_qp *qp, struct rte_crypto_op *op)
 
 		sess = (struct kasumi_session *)_sess_private_data;
 
-		if (unlikely(kasumi_set_session_parameters(sess,
+		if (unlikely(kasumi_set_session_parameters(qp->mgr, sess,
 				op->sym->xform) != 0)) {
 			rte_mempool_put(qp->sess_mp, _sess);
 			rte_mempool_put(qp->sess_mp_priv, _sess_private_data);
@@ -170,13 +170,13 @@ kasumi_get_session(struct kasumi_qp *qp, struct rte_crypto_op *op)
 
 /** Encrypt/decrypt mbufs with same cipher key. */
 static uint8_t
-process_kasumi_cipher_op(struct rte_crypto_op **ops,
-		struct kasumi_session *session,
-		uint8_t num_ops)
+process_kasumi_cipher_op(struct kasumi_qp *qp, struct rte_crypto_op **ops,
+		struct kasumi_session *session, uint8_t num_ops)
 {
 	unsigned i;
 	uint8_t processed_ops = 0;
-	uint8_t *src[num_ops], *dst[num_ops];
+	const void *src[num_ops];
+	void *dst[num_ops];
 	uint8_t *iv_ptr;
 	uint64_t iv[num_ops];
 	uint32_t num_bytes[num_ops];
@@ -198,7 +198,7 @@ process_kasumi_cipher_op(struct rte_crypto_op **ops,
 	}
 
 	if (processed_ops != 0)
-		sso_kasumi_f8_n_buffer(&session->pKeySched_cipher, iv,
+		IMB_KASUMI_F8_N_BUFFER(qp->mgr, &session->pKeySched_cipher, iv,
 			src, dst, num_bytes, processed_ops);
 
 	return processed_ops;
@@ -206,7 +206,7 @@ process_kasumi_cipher_op(struct rte_crypto_op **ops,
 
 /** Encrypt/decrypt mbuf (bit level function). */
 static uint8_t
-process_kasumi_cipher_op_bit(struct rte_crypto_op *op,
+process_kasumi_cipher_op_bit(struct kasumi_qp *qp, struct rte_crypto_op *op,
 		struct kasumi_session *session)
 {
 	uint8_t *src, *dst;
@@ -216,18 +216,16 @@ process_kasumi_cipher_op_bit(struct rte_crypto_op *op,
 
 	offset_in_bits = op->sym->cipher.data.offset;
 	src = rte_pktmbuf_mtod(op->sym->m_src, uint8_t *);
-	if (op->sym->m_dst == NULL) {
-		op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
-		KASUMI_LOG(ERR, "bit-level in-place not supported");
-		return 0;
-	}
-	dst = rte_pktmbuf_mtod(op->sym->m_dst, uint8_t *);
+	if (op->sym->m_dst == NULL)
+		dst = src;
+	else
+		dst = rte_pktmbuf_mtod(op->sym->m_dst, uint8_t *);
 	iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
 			session->cipher_iv_offset);
 	iv = *((uint64_t *)(iv_ptr));
 	length_in_bits = op->sym->cipher.data.length;
 
-	sso_kasumi_f8_1_buffer_bit(&session->pKeySched_cipher, iv,
+	IMB_KASUMI_F8_1_BUFFER_BIT(qp->mgr, &session->pKeySched_cipher, iv,
 			src, dst, length_in_bits, offset_in_bits);
 
 	return 1;
@@ -262,7 +260,8 @@ process_kasumi_hash_op(struct kasumi_qp *qp, struct rte_crypto_op **ops,
 
 		if (session->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) {
 			dst = qp->temp_digest;
-			sso_kasumi_f9_1_buffer(&session->pKeySched_hash, src,
+			IMB_KASUMI_F9_1_BUFFER(qp->mgr,
+					&session->pKeySched_hash, src,
 					num_bytes, dst);
 
 			/* Verify digest. */
@@ -272,7 +271,8 @@ process_kasumi_hash_op(struct kasumi_qp *qp, struct rte_crypto_op **ops,
 		} else  {
 			dst = ops[i]->sym->auth.digest.data;
 
-			sso_kasumi_f9_1_buffer(&session->pKeySched_hash, src,
+			IMB_KASUMI_F9_1_BUFFER(qp->mgr,
+					&session->pKeySched_hash, src,
 					num_bytes, dst);
 		}
 		processed_ops++;
@@ -292,7 +292,7 @@ process_ops(struct rte_crypto_op **ops, struct kasumi_session *session,
 
 	switch (session->op) {
 	case KASUMI_OP_ONLY_CIPHER:
-		processed_ops = process_kasumi_cipher_op(ops,
+		processed_ops = process_kasumi_cipher_op(qp, ops,
 				session, num_ops);
 		break;
 	case KASUMI_OP_ONLY_AUTH:
@@ -300,14 +300,14 @@ process_ops(struct rte_crypto_op **ops, struct kasumi_session *session,
 				num_ops);
 		break;
 	case KASUMI_OP_CIPHER_AUTH:
-		processed_ops = process_kasumi_cipher_op(ops, session,
+		processed_ops = process_kasumi_cipher_op(qp, ops, session,
 				num_ops);
 		process_kasumi_hash_op(qp, ops, session, processed_ops);
 		break;
 	case KASUMI_OP_AUTH_CIPHER:
 		processed_ops = process_kasumi_hash_op(qp, ops, session,
 				num_ops);
-		process_kasumi_cipher_op(ops, session, processed_ops);
+		process_kasumi_cipher_op(qp, ops, session, processed_ops);
 		break;
 	default:
 		/* Operation not supported. */
@@ -350,21 +350,21 @@ process_op_bit(struct rte_crypto_op *op, struct kasumi_session *session,
 
 	switch (session->op) {
 	case KASUMI_OP_ONLY_CIPHER:
-		processed_op = process_kasumi_cipher_op_bit(op,
+		processed_op = process_kasumi_cipher_op_bit(qp, op,
 				session);
 		break;
 	case KASUMI_OP_ONLY_AUTH:
 		processed_op = process_kasumi_hash_op(qp, &op, session, 1);
 		break;
 	case KASUMI_OP_CIPHER_AUTH:
-		processed_op = process_kasumi_cipher_op_bit(op, session);
+		processed_op = process_kasumi_cipher_op_bit(qp, op, session);
 		if (processed_op == 1)
 			process_kasumi_hash_op(qp, &op, session, 1);
 		break;
 	case KASUMI_OP_AUTH_CIPHER:
 		processed_op = process_kasumi_hash_op(qp, &op, session, 1);
 		if (processed_op == 1)
-			process_kasumi_cipher_op_bit(op, session);
+			process_kasumi_cipher_op_bit(qp, op, session);
 		break;
 	default:
 		/* Operation not supported. */
@@ -533,7 +533,7 @@ cryptodev_kasumi_create(const char *name,
 {
 	struct rte_cryptodev *dev;
 	struct kasumi_private *internals;
-	uint64_t cpu_flags = 0;
+	MB_MGR *mgr;
 
 	dev = rte_cryptodev_pmd_create(name, &vdev->device, init_params);
 	if (dev == NULL) {
@@ -541,12 +541,6 @@ cryptodev_kasumi_create(const char *name,
 		goto init_error;
 	}
 
-	/* Check CPU for supported vector instruction set */
-	if (rte_cpu_get_flag_enabled(RTE_CPUFLAG_AVX))
-		cpu_flags |= RTE_CRYPTODEV_FF_CPU_AVX;
-	else
-		cpu_flags |= RTE_CRYPTODEV_FF_CPU_SSE;
-
 	dev->driver_id = cryptodev_driver_id;
 	dev->dev_ops = rte_kasumi_pmd_ops;
 
@@ -555,12 +549,24 @@ cryptodev_kasumi_create(const char *name,
 	dev->enqueue_burst = kasumi_pmd_enqueue_burst;
 
 	dev->feature_flags = RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO |
-			RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING |
-			cpu_flags;
+			RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING;
+
+	mgr = alloc_mb_mgr(0);
+	if (mgr == NULL)
+		return -ENOMEM;
+
+	if (rte_cpu_get_flag_enabled(RTE_CPUFLAG_AVX)) {
+		dev->feature_flags |= RTE_CRYPTODEV_FF_CPU_AVX;
+		init_mb_mgr_avx(mgr);
+	} else {
+		dev->feature_flags |= RTE_CRYPTODEV_FF_CPU_SSE;
+		init_mb_mgr_sse(mgr);
+	}
 
 	internals = dev->data->dev_private;
 
 	internals->max_nb_queue_pairs = init_params->max_nb_queue_pairs;
+	internals->mgr = mgr;
 
 	return 0;
 init_error:
@@ -598,6 +604,7 @@ cryptodev_kasumi_remove(struct rte_vdev_device *vdev)
 {
 	struct rte_cryptodev *cryptodev;
 	const char *name;
+	struct kasumi_private *internals;
 
 	name = rte_vdev_device_name(vdev);
 	if (name == NULL)
@@ -607,6 +614,10 @@ cryptodev_kasumi_remove(struct rte_vdev_device *vdev)
 	if (cryptodev == NULL)
 		return -ENODEV;
 
+	internals = cryptodev->data->dev_private;
+
+	free_mb_mgr(internals->mgr);
+
 	return rte_cryptodev_pmd_destroy(cryptodev);
 }
 
diff --git a/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c b/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c
index 5ce4953..55fbe00 100644
--- a/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c
+++ b/drivers/crypto/kasumi/rte_kasumi_pmd_ops.c
@@ -195,6 +195,7 @@ kasumi_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 		int socket_id)
 {
 	struct kasumi_qp *qp = NULL;
+	struct kasumi_private *internals = dev->data->dev_private;
 
 	/* Free memory prior to re-allocation if needed. */
 	if (dev->data->queue_pairs[qp_id] != NULL)
@@ -217,6 +218,7 @@ kasumi_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 	if (qp->processed_ops == NULL)
 		goto qp_setup_cleanup;
 
+	qp->mgr = internals->mgr;
 	qp->sess_mp = qp_conf->mp_session;
 	qp->sess_mp_priv = qp_conf->mp_session_private;
 
@@ -246,13 +248,14 @@ kasumi_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 
 /** Configure a KASUMI session from a crypto xform chain */
 static int
-kasumi_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
+kasumi_pmd_sym_session_configure(struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
 		struct rte_cryptodev_sym_session *sess,
 		struct rte_mempool *mempool)
 {
 	void *sess_private_data;
 	int ret;
+	struct kasumi_private *internals = dev->data->dev_private;
 
 	if (unlikely(sess == NULL)) {
 		KASUMI_LOG(ERR, "invalid session struct");
@@ -265,7 +268,8 @@ kasumi_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 		return -ENOMEM;
 	}
 
-	ret = kasumi_set_session_parameters(sess_private_data, xform);
+	ret = kasumi_set_session_parameters(internals->mgr,
+					sess_private_data, xform);
 	if (ret != 0) {
 		KASUMI_LOG(ERR, "failed configure session parameters");
 
diff --git a/mk/rte.app.mk b/mk/rte.app.mk
index b1c1dbd..494d26d 100644
--- a/mk/rte.app.mk
+++ b/mk/rte.app.mk
@@ -274,7 +274,7 @@ endif # CONFIG_RTE_LIBRTE_PMD_QAT
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_SNOW3G)      += -lrte_pmd_snow3g
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_SNOW3G)      += -L$(LIBSSO_SNOW3G_PATH)/build -lsso_snow3g
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_KASUMI)      += -lrte_pmd_kasumi
-_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_KASUMI)      += -L$(LIBSSO_KASUMI_PATH)/build -lsso_kasumi
+_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_KASUMI)      += -lIPSec_MB
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ZUC)         += -lrte_pmd_zuc
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ZUC)         += -lIPSec_MB
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ARMV8_CRYPTO)    += -lrte_pmd_armv8
-- 
2.7.5


^ permalink raw reply	[flat|nested] 21+ messages in thread

* [dpdk-dev] [PATCH v4 3/3] crypto/snow3g: use IPSec library
  2020-01-20 11:47     ` [dpdk-dev] [PATCH v4 0/3] Use Intel IPSec MB library in Wireless PMDs Pablo de Lara
  2020-01-20 11:47       ` [dpdk-dev] [PATCH v4 1/3] crypto/zuc: use IPSec library Pablo de Lara
  2020-01-20 11:47       ` [dpdk-dev] [PATCH v4 2/3] crypto/kasumi: " Pablo de Lara
@ 2020-01-20 11:47       ` Pablo de Lara
  2020-01-21 10:22       ` [dpdk-dev] [PATCH v4 0/3] Use Intel IPSec MB library in Wireless PMDs Akhil Goyal
  3 siblings, 0 replies; 21+ messages in thread
From: Pablo de Lara @ 2020-01-20 11:47 UTC (permalink / raw)
  To: akhil.goyal, declan.doherty, bruce.richardson; +Cc: dev, Pablo de Lara

Link against Intel IPSec Multi-buffer library, which
added support for SNOW3G-UEA2 and SNOW3G-UIA2 from version v0.53,
moving from libSSO SNOW3G library.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 devtools/test-build.sh                     |  4 +-
 doc/guides/cryptodevs/snow3g.rst           | 58 +++++++++++---------
 doc/guides/rel_notes/release_20_02.rst     |  5 ++
 drivers/crypto/snow3g/Makefile             | 29 ++++++----
 drivers/crypto/snow3g/meson.build          | 21 ++++++--
 drivers/crypto/snow3g/rte_snow3g_pmd.c     | 85 ++++++++++++++++++------------
 drivers/crypto/snow3g/rte_snow3g_pmd_ops.c |  8 ++-
 drivers/crypto/snow3g/snow3g_pmd_private.h | 14 +++--
 mk/rte.app.mk                              |  2 +-
 9 files changed, 140 insertions(+), 86 deletions(-)

diff --git a/devtools/test-build.sh b/devtools/test-build.sh
index bfbc88b..dd72dd6 100755
--- a/devtools/test-build.sh
+++ b/devtools/test-build.sh
@@ -27,7 +27,6 @@ default_path=$PATH
 # - DPDK_NOTIFY (notify-send)
 # - FLEXRAN_SDK
 # - LIBMUSDK_PATH
-# - LIBSSO_SNOW3G_PATH
 . $(dirname $(readlink -f $0))/load-devel-config
 
 print_usage () {
@@ -119,7 +118,6 @@ reset_env ()
 	unset ARMV8_CRYPTO_LIB_PATH
 	unset FLEXRAN_SDK
 	unset LIBMUSDK_PATH
-	unset LIBSSO_SNOW3G_PATH
 	unset PQOS_INSTALL_PATH
 }
 
@@ -183,7 +181,7 @@ config () # <directory> <target> <options>
 		sed -ri=""            's,(PMD_ZUC=)n,\1y,' $1/.config
 		test "$DPDK_DEP_IPSEC_MB" != y || \
 		sed -ri=""         's,(PMD_KASUMI=)n,\1y,' $1/.config
-		test -z "$LIBSSO_SNOW3G_PATH" || \
+		test "$DPDK_DEP_IPSEC_MB" != y || \
 		sed -ri=""         's,(PMD_SNOW3G=)n,\1y,' $1/.config
 		test "$DPDK_DEP_SSL" != y || \
 		sed -ri=""            's,(PMD_CCP=)n,\1y,' $1/.config
diff --git a/doc/guides/cryptodevs/snow3g.rst b/doc/guides/cryptodevs/snow3g.rst
index 7cba712..d45bcad 100644
--- a/doc/guides/cryptodevs/snow3g.rst
+++ b/doc/guides/cryptodevs/snow3g.rst
@@ -1,12 +1,12 @@
 ..  SPDX-License-Identifier: BSD-3-Clause
-    Copyright(c) 2016 Intel Corporation.
+    Copyright(c) 2016-2019 Intel Corporation.
 
 SNOW 3G Crypto Poll Mode Driver
 ===============================
 
-The SNOW 3G PMD (**librte_pmd_snow3g**) provides poll mode crypto driver
-support for utilizing Intel Libsso library, which implements F8 and F9 functions
-for SNOW 3G UEA2 cipher and UIA2 hash algorithms.
+The SNOW3G PMD (**librte_snow3g_zuc**) provides poll mode crypto driver support for
+utilizing `Intel IPSec Multi-buffer library <https://github.com/01org/intel-ipsec-mb>`_
+which implements F8 and F8 functions for SNOW 3G UEA2 cipher and UIA2 hash algorithms.
 
 Features
 --------
@@ -32,26 +32,33 @@ Limitations
 Installation
 ------------
 
-To build DPDK with the SNOW3G_PMD the user is required to download
-the export controlled ``libsso_snow3g`` library, by registering in
-`Intel Resource & Design Center <https://www.intel.com/content/www/us/en/design/resource-design-center.html>`_.
-Once approval has been granted, the user needs to search for
-*Snow3G F8 F9 3GPP cryptographic algorithms Software Library* to download the
-library or directly through this `link <https://cdrdv2.intel.com/v1/dl/getContent/575867>`_.
+To build DPDK with the SNOW3G_PMD the user is required to download the multi-buffer
+library from `here <https://github.com/01org/intel-ipsec-mb>`_
+and compile it on their user system before building DPDK.
+The latest version of the library supported by this PMD is v0.53, which
+can be downloaded from `<https://github.com/01org/intel-ipsec-mb/archive/v0.53.zip>`_.
+
 After downloading the library, the user needs to unpack and compile it
-on their system before building DPDK::
+on their system before building DPDK:
+
+.. code-block:: console
+
+    make
+    make install
 
-   make snow3G
+As a reference, the following table shows a mapping between the past DPDK versions
+and the external crypto libraries supported by them:
 
-**Note**: When encrypting with SNOW3G UEA2, by default the library
-encrypts blocks of 4 bytes, regardless the number of bytes to
-be encrypted provided (which leads to a possible buffer overflow).
-To avoid this situation, it is necessary not to pass
-3GPP_SAFE_BUFFERS as a compilation flag.
-For this, in the Makefile of the library, make sure that this flag
-is commented out.::
+.. _table_zuc_versions:
 
-  #EXTRA_CFLAGS  += -D_3GPP_SAFE_BUFFERS
+.. table:: DPDK and external crypto library version compatibility
+
+   =============  ================================
+   DPDK version   Crypto library version
+   =============  ================================
+   16.04 - 19.11  LibSSO SNOW3G
+   20.02+         Multi-buffer library 0.53
+   =============  ================================
 
 
 Initialization
@@ -59,12 +66,15 @@ Initialization
 
 In order to enable this virtual crypto PMD, user must:
 
-* Export the environmental variable LIBSSO_SNOW3G_PATH with the path where
-  the library was extracted (snow3g folder).
+* Build the multi buffer library (explained in Installation section).
+
+* Build DPDK as follows:
 
-* Build the LIBSSO_SNOW3G library (explained in Installation section).
+.. code-block:: console
 
-* Set CONFIG_RTE_LIBRTE_PMD_SNOW3G=y in config/common_base.
+	make config T=x86_64-native-linux-gcc
+	sed -i 's,\(CONFIG_RTE_LIBRTE_PMD_SNOW3G\)=n,\1=y,' build/.config
+	make
 
 To use the PMD in an application, user must:
 
diff --git a/doc/guides/rel_notes/release_20_02.rst b/doc/guides/rel_notes/release_20_02.rst
index 9db5818..b9d024d 100644
--- a/doc/guides/rel_notes/release_20_02.rst
+++ b/doc/guides/rel_notes/release_20_02.rst
@@ -144,6 +144,11 @@ New Features
   * Transistioned underlying library from libSSO KASUMI to intel-ipsec-mb
     library (minimum version required 0.53).
 
+* **Updated the SNOW3G PMD.**
+
+  * Transistioned underlying library from libSSO SNOW3G to intel-ipsec-mb
+    library (minimum version required 0.53).
+
 
 Removed Items
 -------------
diff --git a/drivers/crypto/snow3g/Makefile b/drivers/crypto/snow3g/Makefile
index 4086c57..438119c 100644
--- a/drivers/crypto/snow3g/Makefile
+++ b/drivers/crypto/snow3g/Makefile
@@ -1,14 +1,8 @@
 # SPDX-License-Identifier: BSD-3-Clause
-# Copyright(c) 2016 Intel Corporation
+# Copyright(c) 2016-2019 Intel Corporation
 
 include $(RTE_SDK)/mk/rte.vars.mk
 
-ifneq ($(MAKECMDGOALS),clean)
-ifeq ($(LIBSSO_SNOW3G_PATH),)
-$(error "Please define LIBSSO_SNOW3G_PATH environment variable")
-endif
-endif
-
 # library name
 LIB = librte_pmd_snow3g.a
 
@@ -21,14 +15,27 @@ CFLAGS += -DALLOW_EXPERIMENTAL_API
 EXPORT_MAP := rte_pmd_snow3g_version.map
 
 # external library dependencies
-CFLAGS += -I$(LIBSSO_SNOW3G_PATH)
-CFLAGS += -I$(LIBSSO_SNOW3G_PATH)/include
-CFLAGS += -I$(LIBSSO_SNOW3G_PATH)/build
-LDLIBS += -L$(LIBSSO_SNOW3G_PATH)/build -lsso_snow3g
+LDLIBS += -lIPSec_MB
 LDLIBS += -lrte_eal -lrte_mbuf -lrte_mempool -lrte_ring
 LDLIBS += -lrte_cryptodev
 LDLIBS += -lrte_bus_vdev
 
+IMB_HDR = $(shell echo '\#include <intel-ipsec-mb.h>' | \
+	$(CC) -E $(EXTRA_CFLAGS) - | grep 'intel-ipsec-mb.h' | \
+	head -n1 | cut -d'"' -f2)
+
+# Detect library version
+IMB_VERSION = $(shell grep -e "IMB_VERSION_STR" $(IMB_HDR) | cut -d'"' -f2)
+IMB_VERSION_NUM = $(shell grep -e "IMB_VERSION_NUM" $(IMB_HDR) | cut -d' ' -f3)
+
+ifeq ($(IMB_VERSION),)
+$(error "IPSec_MB version >= 0.53 is required")
+endif
+
+ifeq ($(shell expr $(IMB_VERSION_NUM) \< 0x3400), 1)
+$(error "IPSec_MB version >= 0.53 is required")
+endif
+
 # library source files
 SRCS-$(CONFIG_RTE_LIBRTE_PMD_SNOW3G) += rte_snow3g_pmd.c
 SRCS-$(CONFIG_RTE_LIBRTE_PMD_SNOW3G) += rte_snow3g_pmd_ops.c
diff --git a/drivers/crypto/snow3g/meson.build b/drivers/crypto/snow3g/meson.build
index 0e8742a..9d93cbe 100644
--- a/drivers/crypto/snow3g/meson.build
+++ b/drivers/crypto/snow3g/meson.build
@@ -1,11 +1,22 @@
 # SPDX-License-Identifier: BSD-3-Clause
-# Copyright(c) 2019 Intel Corporation
+# Copyright(c) 2019-2020 Intel Corporation
 
-lib = cc.find_library('sso_snow3g', required: false)
-if not lib.found() or not cc.has_header('sso_snow3g.h')
+IMB_required_ver = '0.53.0'
+lib = cc.find_library('IPSec_MB', required: false)
+if not lib.found()
 	build = false
-	reason = 'missing dependency, "libsso_snow3g"'
-	subdir_done()
+	reason = 'missing dependency, "libIPSec_MB"'
+else
+	# version comes with quotes, so we split based on " and take the middle
+	imb_ver = cc.get_define('IMB_VERSION_STR',
+		prefix : '#include<intel-ipsec-mb.h>').split('"')[1]
+
+	if (imb_ver == '') or (imb_ver.version_compare('<' + IMB_required_ver))
+                reason = 'IPSec_MB version >= @0@ is required, found version @1@'.format(
+				IMB_required_ver, imb_ver)
+		build = false
+	endif
+
 endif
 
 allow_experimental_apis = true
diff --git a/drivers/crypto/snow3g/rte_snow3g_pmd.c b/drivers/crypto/snow3g/rte_snow3g_pmd.c
index 9d07e1a..d72112b 100644
--- a/drivers/crypto/snow3g/rte_snow3g_pmd.c
+++ b/drivers/crypto/snow3g/rte_snow3g_pmd.c
@@ -53,7 +53,7 @@ snow3g_get_mode(const struct rte_crypto_sym_xform *xform)
 
 /** Parse crypto xform chain and set private session parameters. */
 int
-snow3g_set_session_parameters(struct snow3g_session *sess,
+snow3g_set_session_parameters(MB_MGR *mgr, struct snow3g_session *sess,
 		const struct rte_crypto_sym_xform *xform)
 {
 	const struct rte_crypto_sym_xform *auth_xform = NULL;
@@ -84,8 +84,6 @@ snow3g_set_session_parameters(struct snow3g_session *sess,
 	}
 
 	if (cipher_xform) {
-		uint8_t cipher_key[SNOW3G_MAX_KEY_SIZE];
-
 		/* Only SNOW 3G UEA2 supported */
 		if (cipher_xform->cipher.algo != RTE_CRYPTO_CIPHER_SNOW3G_UEA2)
 			return -ENOTSUP;
@@ -102,14 +100,11 @@ snow3g_set_session_parameters(struct snow3g_session *sess,
 		sess->cipher_iv_offset = cipher_xform->cipher.iv.offset;
 
 		/* Initialize key */
-		memcpy(cipher_key, cipher_xform->cipher.key.data,
-				cipher_xform->cipher.key.length);
-		sso_snow3g_init_key_sched(cipher_key, &sess->pKeySched_cipher);
+		IMB_SNOW3G_INIT_KEY_SCHED(mgr, cipher_xform->cipher.key.data,
+					&sess->pKeySched_cipher);
 	}
 
 	if (auth_xform) {
-		uint8_t auth_key[SNOW3G_MAX_KEY_SIZE];
-
 		/* Only SNOW 3G UIA2 supported */
 		if (auth_xform->auth.algo != RTE_CRYPTO_AUTH_SNOW3G_UIA2)
 			return -ENOTSUP;
@@ -132,12 +127,10 @@ snow3g_set_session_parameters(struct snow3g_session *sess,
 		sess->auth_iv_offset = auth_xform->auth.iv.offset;
 
 		/* Initialize key */
-		memcpy(auth_key, auth_xform->auth.key.data,
-				auth_xform->auth.key.length);
-		sso_snow3g_init_key_sched(auth_key, &sess->pKeySched_hash);
+		IMB_SNOW3G_INIT_KEY_SCHED(mgr, auth_xform->auth.key.data,
+					&sess->pKeySched_hash);
 	}
 
-
 	sess->op = mode;
 
 	return 0;
@@ -168,7 +161,7 @@ snow3g_get_session(struct snow3g_qp *qp, struct rte_crypto_op *op)
 
 		sess = (struct snow3g_session *)_sess_private_data;
 
-		if (unlikely(snow3g_set_session_parameters(sess,
+		if (unlikely(snow3g_set_session_parameters(qp->mgr, sess,
 				op->sym->xform) != 0)) {
 			rte_mempool_put(qp->sess_mp, _sess);
 			rte_mempool_put(qp->sess_mp_priv, _sess_private_data);
@@ -188,14 +181,15 @@ snow3g_get_session(struct snow3g_qp *qp, struct rte_crypto_op *op)
 
 /** Encrypt/decrypt mbufs with same cipher key. */
 static uint8_t
-process_snow3g_cipher_op(struct rte_crypto_op **ops,
+process_snow3g_cipher_op(struct snow3g_qp *qp, struct rte_crypto_op **ops,
 		struct snow3g_session *session,
 		uint8_t num_ops)
 {
 	unsigned i;
 	uint8_t processed_ops = 0;
-	uint8_t *src[SNOW3G_MAX_BURST], *dst[SNOW3G_MAX_BURST];
-	uint8_t *iv[SNOW3G_MAX_BURST];
+	const void *src[SNOW3G_MAX_BURST];
+	void *dst[SNOW3G_MAX_BURST];
+	const void *iv[SNOW3G_MAX_BURST];
 	uint32_t num_bytes[SNOW3G_MAX_BURST];
 
 	for (i = 0; i < num_ops; i++) {
@@ -213,15 +207,16 @@ process_snow3g_cipher_op(struct rte_crypto_op **ops,
 		processed_ops++;
 	}
 
-	sso_snow3g_f8_n_buffer(&session->pKeySched_cipher, iv, src, dst,
-			num_bytes, processed_ops);
+	IMB_SNOW3G_F8_N_BUFFER(qp->mgr, &session->pKeySched_cipher, iv,
+			src, dst, num_bytes, processed_ops);
 
 	return processed_ops;
 }
 
 /** Encrypt/decrypt mbuf (bit level function). */
 static uint8_t
-process_snow3g_cipher_op_bit(struct rte_crypto_op *op,
+process_snow3g_cipher_op_bit(struct snow3g_qp *qp,
+		struct rte_crypto_op *op,
 		struct snow3g_session *session)
 {
 	uint8_t *src, *dst;
@@ -240,7 +235,7 @@ process_snow3g_cipher_op_bit(struct rte_crypto_op *op,
 				session->cipher_iv_offset);
 	length_in_bits = op->sym->cipher.data.length;
 
-	sso_snow3g_f8_1_buffer_bit(&session->pKeySched_cipher, iv,
+	IMB_SNOW3G_F8_1_BUFFER_BIT(qp->mgr, &session->pKeySched_cipher, iv,
 			src, dst, length_in_bits, offset_in_bits);
 
 	return 1;
@@ -276,9 +271,9 @@ process_snow3g_hash_op(struct snow3g_qp *qp, struct rte_crypto_op **ops,
 		if (session->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) {
 			dst = qp->temp_digest;
 
-			sso_snow3g_f9_1_buffer(&session->pKeySched_hash,
-					iv, src,
-					length_in_bits,	dst);
+			IMB_SNOW3G_F9_1_BUFFER(qp->mgr,
+					&session->pKeySched_hash,
+					iv, src, length_in_bits, dst);
 			/* Verify digest. */
 			if (memcmp(dst, ops[i]->sym->auth.digest.data,
 					SNOW3G_DIGEST_LENGTH) != 0)
@@ -286,9 +281,9 @@ process_snow3g_hash_op(struct snow3g_qp *qp, struct rte_crypto_op **ops,
 		} else  {
 			dst = ops[i]->sym->auth.digest.data;
 
-			sso_snow3g_f9_1_buffer(&session->pKeySched_hash,
-					iv, src,
-					length_in_bits, dst);
+			IMB_SNOW3G_F9_1_BUFFER(qp->mgr,
+					&session->pKeySched_hash,
+					iv, src, length_in_bits, dst);
 		}
 		processed_ops++;
 	}
@@ -322,7 +317,7 @@ process_ops(struct rte_crypto_op **ops, struct snow3g_session *session,
 
 	switch (session->op) {
 	case SNOW3G_OP_ONLY_CIPHER:
-		processed_ops = process_snow3g_cipher_op(ops,
+		processed_ops = process_snow3g_cipher_op(qp, ops,
 				session, num_ops);
 		break;
 	case SNOW3G_OP_ONLY_AUTH:
@@ -330,14 +325,14 @@ process_ops(struct rte_crypto_op **ops, struct snow3g_session *session,
 				num_ops);
 		break;
 	case SNOW3G_OP_CIPHER_AUTH:
-		processed_ops = process_snow3g_cipher_op(ops, session,
+		processed_ops = process_snow3g_cipher_op(qp, ops, session,
 				num_ops);
 		process_snow3g_hash_op(qp, ops, session, processed_ops);
 		break;
 	case SNOW3G_OP_AUTH_CIPHER:
 		processed_ops = process_snow3g_hash_op(qp, ops, session,
 				num_ops);
-		process_snow3g_cipher_op(ops, session, processed_ops);
+		process_snow3g_cipher_op(qp, ops, session, processed_ops);
 		break;
 	default:
 		/* Operation not supported. */
@@ -380,21 +375,21 @@ process_op_bit(struct rte_crypto_op *op, struct snow3g_session *session,
 
 	switch (session->op) {
 	case SNOW3G_OP_ONLY_CIPHER:
-		processed_op = process_snow3g_cipher_op_bit(op,
+		processed_op = process_snow3g_cipher_op_bit(qp, op,
 				session);
 		break;
 	case SNOW3G_OP_ONLY_AUTH:
 		processed_op = process_snow3g_hash_op(qp, &op, session, 1);
 		break;
 	case SNOW3G_OP_CIPHER_AUTH:
-		processed_op = process_snow3g_cipher_op_bit(op, session);
+		processed_op = process_snow3g_cipher_op_bit(qp, op, session);
 		if (processed_op == 1)
 			process_snow3g_hash_op(qp, &op, session, 1);
 		break;
 	case SNOW3G_OP_AUTH_CIPHER:
 		processed_op = process_snow3g_hash_op(qp, &op, session, 1);
 		if (processed_op == 1)
-			process_snow3g_cipher_op_bit(op, session);
+			process_snow3g_cipher_op_bit(qp, op, session);
 		break;
 	default:
 		/* Operation not supported. */
@@ -550,7 +545,7 @@ cryptodev_snow3g_create(const char *name,
 {
 	struct rte_cryptodev *dev;
 	struct snow3g_private *internals;
-	uint64_t cpu_flags = RTE_CRYPTODEV_FF_CPU_SSE;
+	MB_MGR *mgr;
 
 	dev = rte_cryptodev_pmd_create(name, &vdev->device, init_params);
 	if (dev == NULL) {
@@ -566,10 +561,25 @@ cryptodev_snow3g_create(const char *name,
 	dev->enqueue_burst = snow3g_pmd_enqueue_burst;
 
 	dev->feature_flags = RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO |
-			RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING |
-			cpu_flags;
+			RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING;
+
+	mgr = alloc_mb_mgr(0);
+	if (mgr == NULL)
+		return -ENOMEM;
+
+	if (rte_cpu_get_flag_enabled(RTE_CPUFLAG_AVX2)) {
+		dev->feature_flags |= RTE_CRYPTODEV_FF_CPU_AVX2;
+		init_mb_mgr_avx2(mgr);
+	} else if (rte_cpu_get_flag_enabled(RTE_CPUFLAG_AVX)) {
+		dev->feature_flags |= RTE_CRYPTODEV_FF_CPU_AVX;
+		init_mb_mgr_avx(mgr);
+	} else {
+		dev->feature_flags |= RTE_CRYPTODEV_FF_CPU_SSE;
+		init_mb_mgr_sse(mgr);
+	}
 
 	internals = dev->data->dev_private;
+	internals->mgr = mgr;
 
 	internals->max_nb_queue_pairs = init_params->max_nb_queue_pairs;
 
@@ -609,6 +619,7 @@ cryptodev_snow3g_remove(struct rte_vdev_device *vdev)
 {
 	struct rte_cryptodev *cryptodev;
 	const char *name;
+	struct snow3g_private *internals;
 
 	name = rte_vdev_device_name(vdev);
 	if (name == NULL)
@@ -618,6 +629,10 @@ cryptodev_snow3g_remove(struct rte_vdev_device *vdev)
 	if (cryptodev == NULL)
 		return -ENODEV;
 
+	internals = cryptodev->data->dev_private;
+
+	free_mb_mgr(internals->mgr);
+
 	return rte_cryptodev_pmd_destroy(cryptodev);
 }
 
diff --git a/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c b/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c
index 8778f28..ea76637 100644
--- a/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c
+++ b/drivers/crypto/snow3g/rte_snow3g_pmd_ops.c
@@ -201,6 +201,7 @@ snow3g_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 		int socket_id)
 {
 	struct snow3g_qp *qp = NULL;
+	struct snow3g_private *internals = dev->data->dev_private;
 
 	/* Free memory prior to re-allocation if needed. */
 	if (dev->data->queue_pairs[qp_id] != NULL)
@@ -223,6 +224,7 @@ snow3g_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 	if (qp->processed_ops == NULL)
 		goto qp_setup_cleanup;
 
+	qp->mgr = internals->mgr;
 	qp->sess_mp = qp_conf->mp_session;
 	qp->sess_mp_priv = qp_conf->mp_session_private;
 
@@ -253,13 +255,14 @@ snow3g_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused)
 
 /** Configure a SNOW 3G session from a crypto xform chain */
 static int
-snow3g_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
+snow3g_pmd_sym_session_configure(struct rte_cryptodev *dev,
 		struct rte_crypto_sym_xform *xform,
 		struct rte_cryptodev_sym_session *sess,
 		struct rte_mempool *mempool)
 {
 	void *sess_private_data;
 	int ret;
+	struct snow3g_private *internals = dev->data->dev_private;
 
 	if (unlikely(sess == NULL)) {
 		SNOW3G_LOG(ERR, "invalid session struct");
@@ -272,7 +275,8 @@ snow3g_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
 		return -ENOMEM;
 	}
 
-	ret = snow3g_set_session_parameters(sess_private_data, xform);
+	ret = snow3g_set_session_parameters(internals->mgr,
+					sess_private_data, xform);
 	if (ret != 0) {
 		SNOW3G_LOG(ERR, "failed configure session parameters");
 
diff --git a/drivers/crypto/snow3g/snow3g_pmd_private.h b/drivers/crypto/snow3g/snow3g_pmd_private.h
index 1fe05eb..2074f3d 100644
--- a/drivers/crypto/snow3g/snow3g_pmd_private.h
+++ b/drivers/crypto/snow3g/snow3g_pmd_private.h
@@ -1,11 +1,11 @@
 /* SPDX-License-Identifier: BSD-3-Clause
- * Copyright(c) 2016-2018 Intel Corporation
+ * Copyright(c) 2016-2019 Intel Corporation
  */
 
 #ifndef _SNOW3G_PMD_PRIVATE_H_
 #define _SNOW3G_PMD_PRIVATE_H_
 
-#include <sso_snow3g.h>
+#include <intel-ipsec-mb.h>
 
 #define CRYPTODEV_NAME_SNOW3G_PMD	crypto_snow3g
 /**< SNOW 3G PMD device name */
@@ -25,6 +25,8 @@ int snow3g_logtype_driver;
 struct snow3g_private {
 	unsigned max_nb_queue_pairs;
 	/**< Max number of queue pairs supported by device */
+	MB_MGR *mgr;
+	/**< Multi-buffer instance */
 };
 
 /** SNOW 3G buffer queue pair */
@@ -46,6 +48,8 @@ struct snow3g_qp {
 	 * by the driver when verifying a digest provided
 	 * by the user (using authentication verify operation)
 	 */
+	MB_MGR *mgr;
+	/**< Multi-buffer instance */
 } __rte_cache_aligned;
 
 enum snow3g_operation {
@@ -60,15 +64,15 @@ enum snow3g_operation {
 struct snow3g_session {
 	enum snow3g_operation op;
 	enum rte_crypto_auth_operation auth_op;
-	sso_snow3g_key_schedule_t pKeySched_cipher;
-	sso_snow3g_key_schedule_t pKeySched_hash;
+	snow3g_key_schedule_t pKeySched_cipher;
+	snow3g_key_schedule_t pKeySched_hash;
 	uint16_t cipher_iv_offset;
 	uint16_t auth_iv_offset;
 } __rte_cache_aligned;
 
 
 extern int
-snow3g_set_session_parameters(struct snow3g_session *sess,
+snow3g_set_session_parameters(MB_MGR *mgr, struct snow3g_session *sess,
 		const struct rte_crypto_sym_xform *xform);
 
 
diff --git a/mk/rte.app.mk b/mk/rte.app.mk
index 494d26d..20c17b1 100644
--- a/mk/rte.app.mk
+++ b/mk/rte.app.mk
@@ -272,7 +272,7 @@ _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_QAT_SYM)     += -lrte_pmd_qat -lcrypto
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_QAT_ASYM)    += -lrte_pmd_qat -lcrypto
 endif # CONFIG_RTE_LIBRTE_PMD_QAT
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_SNOW3G)      += -lrte_pmd_snow3g
-_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_SNOW3G)      += -L$(LIBSSO_SNOW3G_PATH)/build -lsso_snow3g
+_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_SNOW3G)      += -lIPSec_MB
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_KASUMI)      += -lrte_pmd_kasumi
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_KASUMI)      += -lIPSec_MB
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ZUC)         += -lrte_pmd_zuc
-- 
2.7.5


^ permalink raw reply	[flat|nested] 21+ messages in thread

* Re: [dpdk-dev] [PATCH v4 0/3] Use Intel IPSec MB library in Wireless PMDs
  2020-01-20 11:47     ` [dpdk-dev] [PATCH v4 0/3] Use Intel IPSec MB library in Wireless PMDs Pablo de Lara
                         ` (2 preceding siblings ...)
  2020-01-20 11:47       ` [dpdk-dev] [PATCH v4 3/3] crypto/snow3g: " Pablo de Lara
@ 2020-01-21 10:22       ` Akhil Goyal
  3 siblings, 0 replies; 21+ messages in thread
From: Akhil Goyal @ 2020-01-21 10:22 UTC (permalink / raw)
  To: Pablo de Lara, declan.doherty, bruce.richardson; +Cc: dev

> The three Intel SW Crypto PMDs supporting SNOW3G, ZUC and KASUMI link
> against libSSO libraries.
> The Intel IPSec Multi-buffer library recently integrated the code from these
> libraries, in version v0.53.
> This library can be downloaded from
> https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.co
> m%2Fintel%2Fintel-ipsec-
> mb&amp;data=02%7C01%7Cakhil.goyal%40nxp.com%7C5ffd94496dc54ff2320a
> 08d79d9e9c28%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C637151
> 176851109882&amp;sdata=FtTqorVaqtV89FBjDasUeK5lq%2B0Z8jj42iGzoIyVOG
> w%3D&amp;reserved=0.
> 
> KASUMI, SNOW3G and ZUC PMDs have been modified to use this single library,
> which is already used in the AESNI MB and AESNI GCM PMDs,
> reducing the number of external dependencies in the crypto PMDs.
> 
> Changes in v4:
> - Rebased against latest dpdk-next-crypto
> 
Series
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>

Applied to dpdk-next-crypto

Thanks.

^ permalink raw reply	[flat|nested] 21+ messages in thread

end of thread, other threads:[~2020-01-21 10:23 UTC | newest]

Thread overview: 21+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-12-11 14:20 [dpdk-dev] [PATCH 0/3] Use Intel IPSec MB library in Wireless PMDs Pablo de Lara
2019-12-11 14:20 ` [dpdk-dev] [PATCH 1/3] crypto/zuc: use IPSec library Pablo de Lara
2019-12-11 14:20 ` [dpdk-dev] [PATCH 2/3] crypto/kasumi: " Pablo de Lara
2019-12-11 14:20 ` [dpdk-dev] [PATCH 3/3] crypto/snow3g: " Pablo de Lara
2020-01-13 11:40 ` [dpdk-dev] [PATCH v2 0/3] Use Intel IPSec MB library in Wireless PMDs Pablo de Lara
2020-01-13 11:40   ` [dpdk-dev] [PATCH v2 1/3] crypto/zuc: use IPSec library Pablo de Lara
2020-01-13 12:45     ` Bruce Richardson
2020-01-13 12:46       ` Bruce Richardson
2020-01-13 11:40   ` [dpdk-dev] [PATCH v2 2/3] crypto/kasumi: " Pablo de Lara
2020-01-13 11:40   ` [dpdk-dev] [PATCH v2 3/3] crypto/snow3g: " Pablo de Lara
2020-01-13 14:17   ` [dpdk-dev] [PATCH v2 0/3] Use Intel IPSec MB library in Wireless PMDs Ali Alnubani
2020-01-16  8:36     ` De Lara Guarch, Pablo
2020-01-16 11:41   ` [dpdk-dev] [PATCH v3 " Pablo de Lara
2020-01-16 11:41     ` [dpdk-dev] [PATCH v3 1/3] crypto/zuc: use IPSec library Pablo de Lara
2020-01-16 11:41     ` [dpdk-dev] [PATCH v3 2/3] crypto/kasumi: " Pablo de Lara
2020-01-16 11:41     ` [dpdk-dev] [PATCH v3 3/3] crypto/snow3g: " Pablo de Lara
2020-01-20 11:47     ` [dpdk-dev] [PATCH v4 0/3] Use Intel IPSec MB library in Wireless PMDs Pablo de Lara
2020-01-20 11:47       ` [dpdk-dev] [PATCH v4 1/3] crypto/zuc: use IPSec library Pablo de Lara
2020-01-20 11:47       ` [dpdk-dev] [PATCH v4 2/3] crypto/kasumi: " Pablo de Lara
2020-01-20 11:47       ` [dpdk-dev] [PATCH v4 3/3] crypto/snow3g: " Pablo de Lara
2020-01-21 10:22       ` [dpdk-dev] [PATCH v4 0/3] Use Intel IPSec MB library in Wireless PMDs Akhil Goyal

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).