From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dev-bounces@dpdk.org>
Received: from dpdk.org (dpdk.org [92.243.14.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 07828A0598;
	Tue, 21 Apr 2020 18:57:03 +0200 (CEST)
Received: from [92.243.14.124] (localhost [127.0.0.1])
	by dpdk.org (Postfix) with ESMTP id 315751D51D;
	Tue, 21 Apr 2020 18:57:03 +0200 (CEST)
Received: from mga07.intel.com (mga07.intel.com [134.134.136.100])
 by dpdk.org (Postfix) with ESMTP id BAE941D445
 for <dev@dpdk.org>; Tue, 21 Apr 2020 18:57:00 +0200 (CEST)
IronPort-SDR: WxLIxinC2c/QkCM+pnACTefRNVelDrx/X6xPLbKils+kbA8WfgeD/Taw2R/DjzhxEPQOaszp9j
 BTEUDfMh8glA==
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga004.jf.intel.com ([10.7.209.38])
 by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 21 Apr 2020 09:56:59 -0700
IronPort-SDR: +/I3jxUfFyzVybtR/2OdmgVMH4jrVaDzDKtEbc6h33dgk/XSPm3COWFnCx9igAyDwetXm1w6dS
 JdFDN/R3v0sQ==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.72,411,1580803200"; d="scan'208";a="402248274"
Received: from silpixa00399593.ir.intel.com (HELO
 silpixa00399593.ger.corp.intel.com) ([10.237.223.21])
 by orsmga004.jf.intel.com with ESMTP; 21 Apr 2020 09:56:57 -0700
From: Pablo de Lara <pablo.de.lara.guarch@intel.com>
To: dev@dpdk.org
Cc: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Date: Tue, 21 Apr 2020 17:56:53 +0100
Message-Id: <1587488214-68422-1-git-send-email-pablo.de.lara.guarch@intel.com>
X-Mailer: git-send-email 2.7.5
Subject: [dpdk-dev] [PATCH 1/2] crypto/zuc: support IPSec Multi-buffer lib
	v0.54
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

The latest version of the Intel IPSec Multi-buffer library
adds an API to authenticate multiple buffers in parallel.
The PMD is modified to use this API, improving
performance of the ZUC-EIA3 algorithm.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 doc/guides/cryptodevs/zuc.rst          |  6 +--
 doc/guides/rel_notes/release_20_05.rst |  7 ++++
 drivers/crypto/zuc/rte_zuc_pmd.c       | 72 ++++++++++++++++++++++++++++++++++
 3 files changed, 82 insertions(+), 3 deletions(-)

diff --git a/doc/guides/cryptodevs/zuc.rst b/doc/guides/cryptodevs/zuc.rst
index 38ea999..c384f3d 100644
--- a/doc/guides/cryptodevs/zuc.rst
+++ b/doc/guides/cryptodevs/zuc.rst
@@ -35,8 +35,8 @@ Installation
 To build DPDK with the ZUC_PMD the user is required to download the multi-buffer
 library from `here <https://github.com/01org/intel-ipsec-mb>`_
 and compile it on their user system before building DPDK.
-The latest version of the library supported by this PMD is v0.53, which
-can be downloaded from `<https://github.com/01org/intel-ipsec-mb/archive/v0.53.zip>`_.
+The latest version of the library supported by this PMD is v0.54, which
+can be downloaded from `<https://github.com/01org/intel-ipsec-mb/archive/v0.54.zip>`_.
 
 After downloading the library, the user needs to unpack and compile it
 on their system before building DPDK:
@@ -63,7 +63,7 @@ and the external crypto libraries supported by them:
    DPDK version   Crypto library version
    =============  ================================
    16.11 - 19.11  LibSSO ZUC
-   20.02+         Multi-buffer library 0.53
+   20.02+         Multi-buffer library 0.53 - 0.54
    =============  ================================
 
 
diff --git a/doc/guides/rel_notes/release_20_05.rst b/doc/guides/rel_notes/release_20_05.rst
index 0cf026a..cd98c1c 100644
--- a/doc/guides/rel_notes/release_20_05.rst
+++ b/doc/guides/rel_notes/release_20_05.rst
@@ -84,6 +84,13 @@ New Features
 
   * Added support for intel-ipsec-mb version 0.54.
 
+* **Updated the ZUC crypto PMD.**
+
+  * Added support for intel-ipsec-mb version 0.54.
+  * Updated the PMD to support Multi-buffer ZUC-EIA3,
+    improving performance significantly, when using
+    intel-ipsec-mb version 0.54
+
 * **Added QAT intermediate buffer too small handling in QAT compression PMD.**
 
   Added a special way of buffer handling when internal QAT intermediate buffer
diff --git a/drivers/crypto/zuc/rte_zuc_pmd.c b/drivers/crypto/zuc/rte_zuc_pmd.c
index 17926b4..463b5cd 100644
--- a/drivers/crypto/zuc/rte_zuc_pmd.c
+++ b/drivers/crypto/zuc/rte_zuc_pmd.c
@@ -232,6 +232,63 @@ process_zuc_cipher_op(struct zuc_qp *qp, struct rte_crypto_op **ops,
 }
 
 /** Generate/verify hash from mbufs. */
+#if IMB_VERSION_NUM >= IMB_VERSION(0, 53, 3)
+static int
+process_zuc_hash_op_mb(struct zuc_qp *qp, struct rte_crypto_op **ops,
+		struct zuc_session **sessions,
+		uint8_t num_ops)
+{
+	unsigned int i;
+	uint8_t processed_ops = 0;
+	uint8_t *src[ZUC_MAX_BURST];
+	uint32_t *dst[ZUC_MAX_BURST];
+	uint32_t length_in_bits[ZUC_MAX_BURST];
+	uint8_t *iv[ZUC_MAX_BURST];
+	const void *hash_keys[ZUC_MAX_BURST];
+	struct zuc_session *sess;
+
+	for (i = 0; i < num_ops; i++) {
+		/* Data must be byte aligned */
+		if ((ops[i]->sym->auth.data.offset % BYTE_LEN) != 0) {
+			ops[i]->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
+			ZUC_LOG(ERR, "Offset");
+			break;
+		}
+
+		sess = sessions[i];
+
+		length_in_bits[i] = ops[i]->sym->auth.data.length;
+
+		src[i] = rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +
+				(ops[i]->sym->auth.data.offset >> 3);
+		iv[i] = rte_crypto_op_ctod_offset(ops[i], uint8_t *,
+				sess->auth_iv_offset);
+
+		hash_keys[i] = sess->pKey_hash;
+		if (sess->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY)
+			dst[i] = (uint32_t *)qp->temp_digest;
+		else
+			dst[i] = (uint32_t *)ops[i]->sym->auth.digest.data;
+
+		processed_ops++;
+	}
+
+	IMB_ZUC_EIA3_N_BUFFER(qp->mb_mgr, (const void **)hash_keys,
+			(const void **)iv, (const void **)src, length_in_bits,
+			dst, processed_ops);
+
+	/*
+	 * If tag needs to be verified, compare generated tag
+	 * with attached tag
+	 */
+	for (i = 0; i < processed_ops; i++)
+		if (sessions[i]->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY)
+			if (memcmp(dst[i], ops[i]->sym->auth.digest.data,
+					ZUC_DIGEST_LENGTH) != 0)
+				ops[i]->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
+	return processed_ops;
+}
+#else
 static int
 process_zuc_hash_op(struct zuc_qp *qp, struct rte_crypto_op **ops,
 		struct zuc_session **sessions,
@@ -284,6 +341,7 @@ process_zuc_hash_op(struct zuc_qp *qp, struct rte_crypto_op **ops,
 
 	return processed_ops;
 }
+#endif
 
 /** Process a batch of crypto ops which shares the same operation type. */
 static int
@@ -301,17 +359,31 @@ process_ops(struct rte_crypto_op **ops, enum zuc_operation op_type,
 				sessions, num_ops);
 		break;
 	case ZUC_OP_ONLY_AUTH:
+#if IMB_VERSION_NUM >= IMB_VERSION(0, 53, 3)
+		processed_ops = process_zuc_hash_op_mb(qp, ops, sessions,
+				num_ops);
+#else
 		processed_ops = process_zuc_hash_op(qp, ops, sessions,
 				num_ops);
+#endif
 		break;
 	case ZUC_OP_CIPHER_AUTH:
 		processed_ops = process_zuc_cipher_op(qp, ops, sessions,
 				num_ops);
+#if IMB_VERSION_NUM >= IMB_VERSION(0, 53, 3)
+		process_zuc_hash_op_mb(qp, ops, sessions, processed_ops);
+#else
 		process_zuc_hash_op(qp, ops, sessions, processed_ops);
+#endif
 		break;
 	case ZUC_OP_AUTH_CIPHER:
+#if IMB_VERSION_NUM >= IMB_VERSION(0, 53, 3)
+		processed_ops = process_zuc_hash_op_mb(qp, ops, sessions,
+				num_ops);
+#else
 		processed_ops = process_zuc_hash_op(qp, ops, sessions,
 				num_ops);
+#endif
 		process_zuc_cipher_op(qp, ops, sessions, processed_ops);
 		break;
 	default:
-- 
2.7.5