From: Pablo de Lara <pablo.de.lara.guarch@intel.com>
To: dev@dpdk.org
Cc: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Subject: [dpdk-dev] [PATCH 1/2] crypto/zuc: support IPSec Multi-buffer lib v0.54
Date: Tue, 21 Apr 2020 17:56:53 +0100 [thread overview]
Message-ID: <1587488214-68422-1-git-send-email-pablo.de.lara.guarch@intel.com> (raw)
The latest version of the Intel IPSec Multi-buffer library
adds an API to authenticate multiple buffers in parallel.
The PMD is modified to use this API, improving
performance of the ZUC-EIA3 algorithm.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
doc/guides/cryptodevs/zuc.rst | 6 +--
doc/guides/rel_notes/release_20_05.rst | 7 ++++
drivers/crypto/zuc/rte_zuc_pmd.c | 72 ++++++++++++++++++++++++++++++++++
3 files changed, 82 insertions(+), 3 deletions(-)
diff --git a/doc/guides/cryptodevs/zuc.rst b/doc/guides/cryptodevs/zuc.rst
index 38ea999..c384f3d 100644
--- a/doc/guides/cryptodevs/zuc.rst
+++ b/doc/guides/cryptodevs/zuc.rst
@@ -35,8 +35,8 @@ Installation
To build DPDK with the ZUC_PMD the user is required to download the multi-buffer
library from `here <https://github.com/01org/intel-ipsec-mb>`_
and compile it on their user system before building DPDK.
-The latest version of the library supported by this PMD is v0.53, which
-can be downloaded from `<https://github.com/01org/intel-ipsec-mb/archive/v0.53.zip>`_.
+The latest version of the library supported by this PMD is v0.54, which
+can be downloaded from `<https://github.com/01org/intel-ipsec-mb/archive/v0.54.zip>`_.
After downloading the library, the user needs to unpack and compile it
on their system before building DPDK:
@@ -63,7 +63,7 @@ and the external crypto libraries supported by them:
DPDK version Crypto library version
============= ================================
16.11 - 19.11 LibSSO ZUC
- 20.02+ Multi-buffer library 0.53
+ 20.02+ Multi-buffer library 0.53 - 0.54
============= ================================
diff --git a/doc/guides/rel_notes/release_20_05.rst b/doc/guides/rel_notes/release_20_05.rst
index 0cf026a..cd98c1c 100644
--- a/doc/guides/rel_notes/release_20_05.rst
+++ b/doc/guides/rel_notes/release_20_05.rst
@@ -84,6 +84,13 @@ New Features
* Added support for intel-ipsec-mb version 0.54.
+* **Updated the ZUC crypto PMD.**
+
+ * Added support for intel-ipsec-mb version 0.54.
+ * Updated the PMD to support Multi-buffer ZUC-EIA3,
+ improving performance significantly, when using
+ intel-ipsec-mb version 0.54
+
* **Added QAT intermediate buffer too small handling in QAT compression PMD.**
Added a special way of buffer handling when internal QAT intermediate buffer
diff --git a/drivers/crypto/zuc/rte_zuc_pmd.c b/drivers/crypto/zuc/rte_zuc_pmd.c
index 17926b4..463b5cd 100644
--- a/drivers/crypto/zuc/rte_zuc_pmd.c
+++ b/drivers/crypto/zuc/rte_zuc_pmd.c
@@ -232,6 +232,63 @@ process_zuc_cipher_op(struct zuc_qp *qp, struct rte_crypto_op **ops,
}
/** Generate/verify hash from mbufs. */
+#if IMB_VERSION_NUM >= IMB_VERSION(0, 53, 3)
+static int
+process_zuc_hash_op_mb(struct zuc_qp *qp, struct rte_crypto_op **ops,
+ struct zuc_session **sessions,
+ uint8_t num_ops)
+{
+ unsigned int i;
+ uint8_t processed_ops = 0;
+ uint8_t *src[ZUC_MAX_BURST];
+ uint32_t *dst[ZUC_MAX_BURST];
+ uint32_t length_in_bits[ZUC_MAX_BURST];
+ uint8_t *iv[ZUC_MAX_BURST];
+ const void *hash_keys[ZUC_MAX_BURST];
+ struct zuc_session *sess;
+
+ for (i = 0; i < num_ops; i++) {
+ /* Data must be byte aligned */
+ if ((ops[i]->sym->auth.data.offset % BYTE_LEN) != 0) {
+ ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
+ ZUC_LOG(ERR, "Offset");
+ break;
+ }
+
+ sess = sessions[i];
+
+ length_in_bits[i] = ops[i]->sym->auth.data.length;
+
+ src[i] = rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +
+ (ops[i]->sym->auth.data.offset >> 3);
+ iv[i] = rte_crypto_op_ctod_offset(ops[i], uint8_t *,
+ sess->auth_iv_offset);
+
+ hash_keys[i] = sess->pKey_hash;
+ if (sess->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY)
+ dst[i] = (uint32_t *)qp->temp_digest;
+ else
+ dst[i] = (uint32_t *)ops[i]->sym->auth.digest.data;
+
+ processed_ops++;
+ }
+
+ IMB_ZUC_EIA3_N_BUFFER(qp->mb_mgr, (const void **)hash_keys,
+ (const void **)iv, (const void **)src, length_in_bits,
+ dst, processed_ops);
+
+ /*
+ * If tag needs to be verified, compare generated tag
+ * with attached tag
+ */
+ for (i = 0; i < processed_ops; i++)
+ if (sessions[i]->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY)
+ if (memcmp(dst[i], ops[i]->sym->auth.digest.data,
+ ZUC_DIGEST_LENGTH) != 0)
+ ops[i]->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
+ return processed_ops;
+}
+#else
static int
process_zuc_hash_op(struct zuc_qp *qp, struct rte_crypto_op **ops,
struct zuc_session **sessions,
@@ -284,6 +341,7 @@ process_zuc_hash_op(struct zuc_qp *qp, struct rte_crypto_op **ops,
return processed_ops;
}
+#endif
/** Process a batch of crypto ops which shares the same operation type. */
static int
@@ -301,17 +359,31 @@ process_ops(struct rte_crypto_op **ops, enum zuc_operation op_type,
sessions, num_ops);
break;
case ZUC_OP_ONLY_AUTH:
+#if IMB_VERSION_NUM >= IMB_VERSION(0, 53, 3)
+ processed_ops = process_zuc_hash_op_mb(qp, ops, sessions,
+ num_ops);
+#else
processed_ops = process_zuc_hash_op(qp, ops, sessions,
num_ops);
+#endif
break;
case ZUC_OP_CIPHER_AUTH:
processed_ops = process_zuc_cipher_op(qp, ops, sessions,
num_ops);
+#if IMB_VERSION_NUM >= IMB_VERSION(0, 53, 3)
+ process_zuc_hash_op_mb(qp, ops, sessions, processed_ops);
+#else
process_zuc_hash_op(qp, ops, sessions, processed_ops);
+#endif
break;
case ZUC_OP_AUTH_CIPHER:
+#if IMB_VERSION_NUM >= IMB_VERSION(0, 53, 3)
+ processed_ops = process_zuc_hash_op_mb(qp, ops, sessions,
+ num_ops);
+#else
processed_ops = process_zuc_hash_op(qp, ops, sessions,
num_ops);
+#endif
process_zuc_cipher_op(qp, ops, sessions, processed_ops);
break;
default:
--
2.7.5
next reply other threads:[~2020-04-21 16:57 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-21 16:56 Pablo de Lara [this message]
2020-04-21 16:56 ` [dpdk-dev] [PATCH 2/2] doc: support IPsec " Pablo de Lara
2020-05-09 19:05 ` [dpdk-dev] [PATCH 1/2] crypto/zuc: support IPSec " Akhil Goyal
2020-05-10 19:33 ` De Lara Guarch, Pablo
2020-05-10 19:40 ` [dpdk-dev] [PATCH v2 " Pablo de Lara
2020-05-10 19:40 ` [dpdk-dev] [PATCH v2 2/2] doc: support IPsec " Pablo de Lara
2020-05-11 7:43 ` [dpdk-dev] [PATCH v2 1/2] crypto/zuc: support IPSec " Akhil Goyal
2020-05-11 9:14 ` [dpdk-dev] [PATCH v3 " Pablo de Lara
2020-05-11 9:14 ` [dpdk-dev] [PATCH v3 2/2] doc: support IPsec " Pablo de Lara
2020-05-11 10:28 ` [dpdk-dev] [PATCH v3 1/2] crypto/zuc: support IPSec " Akhil Goyal
2020-05-11 12:06 ` De Lara Guarch, Pablo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1587488214-68422-1-git-send-email-pablo.de.lara.guarch@intel.com \
--to=pablo.de.lara.guarch@intel.com \
--cc=dev@dpdk.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).