From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id C2417A0350; Sun, 10 May 2020 21:41:06 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 2AB5E1D153; Sun, 10 May 2020 21:41:06 +0200 (CEST) Received: from mga02.intel.com (mga02.intel.com [134.134.136.20]) by dpdk.org (Postfix) with ESMTP id C13FC1D152 for ; Sun, 10 May 2020 21:41:03 +0200 (CEST) IronPort-SDR: 9+eoYkzsNLoeJ7GhIyOvqdTk0++f8RJ8cxMA6t16zpwQPYjFxMOtWJbTA+gCvvwAsKiK96dUwQ E/kdp25CpHvw== X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga002.jf.intel.com ([10.7.209.21]) by orsmga101.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 10 May 2020 12:41:02 -0700 IronPort-SDR: Vq/8DzVJgVRnuVdzTQ1dxtyo5ZT4K/A2/dtbuhVpObk7Jq2Z7b1/Iu0dsXOWzS9yLEmDK5J49C b0VF0b6aiSQQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.73,377,1583222400"; d="scan'208";a="279586072" Received: from silpixa00399593.ir.intel.com (HELO silpixa00399593.ger.corp.intel.com) ([10.237.223.21]) by orsmga002.jf.intel.com with ESMTP; 10 May 2020 12:41:01 -0700 From: Pablo de Lara To: akhil.goyal@nxp.com Cc: dev@dpdk.org, Pablo de Lara Date: Sun, 10 May 2020 20:40:49 +0100 Message-Id: <1589139650-195685-1-git-send-email-pablo.de.lara.guarch@intel.com> X-Mailer: git-send-email 2.7.5 In-Reply-To: <1587488214-68422-1-git-send-email-pablo.de.lara.guarch@intel.com> References: <1587488214-68422-1-git-send-email-pablo.de.lara.guarch@intel.com> Subject: [dpdk-dev] [PATCH v2 1/2] crypto/zuc: support IPSec Multi-buffer lib v0.54 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" The latest version of the Intel IPSec Multi-buffer library adds an API to authenticate multiple buffers in parallel. The PMD is modified to use this API, improving performance of the ZUC-EIA3 algorithm. Signed-off-by: Pablo de Lara --- v2: - Simplified logic in process_hash_op per Akhil's comments doc/guides/cryptodevs/zuc.rst | 6 ++-- doc/guides/rel_notes/release_20_05.rst | 7 ++++ drivers/crypto/zuc/rte_zuc_pmd.c | 58 ++++++++++++++++++++-------------- 3 files changed, 44 insertions(+), 27 deletions(-) diff --git a/doc/guides/cryptodevs/zuc.rst b/doc/guides/cryptodevs/zuc.rst index 38ea999..c384f3d 100644 --- a/doc/guides/cryptodevs/zuc.rst +++ b/doc/guides/cryptodevs/zuc.rst @@ -35,8 +35,8 @@ Installation To build DPDK with the ZUC_PMD the user is required to download the multi-buffer library from `here `_ and compile it on their user system before building DPDK. -The latest version of the library supported by this PMD is v0.53, which -can be downloaded from ``_. +The latest version of the library supported by this PMD is v0.54, which +can be downloaded from ``_. After downloading the library, the user needs to unpack and compile it on their system before building DPDK: @@ -63,7 +63,7 @@ and the external crypto libraries supported by them: DPDK version Crypto library version ============= ================================ 16.11 - 19.11 LibSSO ZUC - 20.02+ Multi-buffer library 0.53 + 20.02+ Multi-buffer library 0.53 - 0.54 ============= ================================ diff --git a/doc/guides/rel_notes/release_20_05.rst b/doc/guides/rel_notes/release_20_05.rst index fe6c75e..7d3a4bf 100644 --- a/doc/guides/rel_notes/release_20_05.rst +++ b/doc/guides/rel_notes/release_20_05.rst @@ -155,6 +155,13 @@ New Features * Added support for intel-ipsec-mb version 0.54. +* **Updated the ZUC crypto PMD.** + + * Added support for intel-ipsec-mb version 0.54. + * Updated the PMD to support Multi-buffer ZUC-EIA3, + improving performance significantly, when using + intel-ipsec-mb version 0.54 + * **Added a new driver for Intel Foxville I225 devices.** Added the new ``igc`` net driver for Intel Foxville I225 devices. See the diff --git a/drivers/crypto/zuc/rte_zuc_pmd.c b/drivers/crypto/zuc/rte_zuc_pmd.c index 17926b4..45ae04b 100644 --- a/drivers/crypto/zuc/rte_zuc_pmd.c +++ b/drivers/crypto/zuc/rte_zuc_pmd.c @@ -237,12 +237,13 @@ process_zuc_hash_op(struct zuc_qp *qp, struct rte_crypto_op **ops, struct zuc_session **sessions, uint8_t num_ops) { - unsigned i; + unsigned int i; uint8_t processed_ops = 0; - uint8_t *src; - uint32_t *dst; - uint32_t length_in_bits; - uint8_t *iv; + uint8_t *src[ZUC_MAX_BURST]; + uint32_t *dst[ZUC_MAX_BURST]; + uint32_t length_in_bits[ZUC_MAX_BURST]; + uint8_t *iv[ZUC_MAX_BURST]; + const void *hash_keys[ZUC_MAX_BURST]; struct zuc_session *sess; for (i = 0; i < num_ops; i++) { @@ -255,33 +256,42 @@ process_zuc_hash_op(struct zuc_qp *qp, struct rte_crypto_op **ops, sess = sessions[i]; - length_in_bits = ops[i]->sym->auth.data.length; + length_in_bits[i] = ops[i]->sym->auth.data.length; - src = rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) + + src[i] = rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) + (ops[i]->sym->auth.data.offset >> 3); - iv = rte_crypto_op_ctod_offset(ops[i], uint8_t *, + iv[i] = rte_crypto_op_ctod_offset(ops[i], uint8_t *, sess->auth_iv_offset); - if (sess->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) { - dst = (uint32_t *)qp->temp_digest; - - IMB_ZUC_EIA3_1_BUFFER(qp->mb_mgr, sess->pKey_hash, - iv, src, - length_in_bits, dst); - /* Verify digest. */ - if (memcmp(dst, ops[i]->sym->auth.digest.data, - ZUC_DIGEST_LENGTH) != 0) - ops[i]->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; - } else { - dst = (uint32_t *)ops[i]->sym->auth.digest.data; + hash_keys[i] = sess->pKey_hash; + if (sess->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) + dst[i] = (uint32_t *)qp->temp_digest; + else + dst[i] = (uint32_t *)ops[i]->sym->auth.digest.data; - IMB_ZUC_EIA3_1_BUFFER(qp->mb_mgr, sess->pKey_hash, - iv, src, - length_in_bits, dst); - } +#if IMB_VERSION_NUM < IMB_VERSION(0, 53, 3) + IMB_ZUC_EIA3_1_BUFFER(qp->mb_mgr, hash_keys[i], + iv[i], src[i], length_in_bits[i], dst[i]); +#endif processed_ops++; } +#if IMB_VERSION_NUM >= IMB_VERSION(0, 53, 3) + IMB_ZUC_EIA3_N_BUFFER(qp->mb_mgr, (const void **)hash_keys, + (const void **)iv, (const void **)src, length_in_bits, + dst, processed_ops); +#endif + + /* + * If tag needs to be verified, compare generated tag + * with attached tag + */ + for (i = 0; i < processed_ops; i++) + if (sessions[i]->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) + if (memcmp(dst[i], ops[i]->sym->auth.digest.data, + ZUC_DIGEST_LENGTH) != 0) + ops[i]->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; + return processed_ops; } -- 2.7.5