From: Pablo de Lara <pablo.de.lara.guarch@intel.com>
To: dev@dpdk.org
Cc: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Subject: [dpdk-dev] [RFC PATCH 1/5] crypto/zuc: use IPSec MB library v0.53
Date: Thu, 5 Mar 2020 15:34:50 +0000 [thread overview]
Message-ID: <20200305153454.724874-2-pablo.de.lara.guarch@intel.com> (raw)
In-Reply-To: <20200305153454.724874-1-pablo.de.lara.guarch@intel.com>
Link against Intel IPSec Multi-buffer library, which
added support for ZUC-EEA3 and ZUC-EIA3 from version v0.53,
moving from libSSO ZUC library.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
devtools/test-build.sh | 6 +--
doc/guides/cryptodevs/zuc.rst | 52 ++++++++++++---------
drivers/crypto/zuc/Makefile | 28 +++++++-----
drivers/crypto/zuc/meson.build | 13 +++++-
drivers/crypto/zuc/rte_zuc_pmd.c | 58 +++++++++++++++++-------
drivers/crypto/zuc/rte_zuc_pmd_ops.c | 2 +
drivers/crypto/zuc/rte_zuc_pmd_private.h | 6 ++-
mk/rte.app.mk | 2 +-
8 files changed, 110 insertions(+), 57 deletions(-)
diff --git a/devtools/test-build.sh b/devtools/test-build.sh
index 42f4ad003..911f77e01 100755
--- a/devtools/test-build.sh
+++ b/devtools/test-build.sh
@@ -25,7 +25,6 @@ default_path=$PATH
# - LIBMUSDK_PATH
# - LIBSSO_SNOW3G_PATH
# - LIBSSO_KASUMI_PATH
-# - LIBSSO_ZUC_PATH
. $(dirname $(readlink -e $0))/load-devel-config
print_usage () {
@@ -111,7 +110,6 @@ reset_env ()
unset LIBMUSDK_PATH
unset LIBSSO_SNOW3G_PATH
unset LIBSSO_KASUMI_PATH
- unset LIBSSO_ZUC_PATH
unset PQOS_INSTALL_PATH
}
@@ -165,12 +163,12 @@ config () # <directory> <target> <options>
sed -ri 's,(PMD_AESNI_MB=)n,\1y,' $1/.config
test "$DPDK_DEP_IPSEC_MB" != y || \
sed -ri 's,(PMD_AESNI_GCM=)n,\1y,' $1/.config
+ test "$DPDK_DEP_IPSEC_MB" != y || \
+ sed -ri 's,(PMD_ZUC=)n,\1y,' $1/.config
test -z "$LIBSSO_SNOW3G_PATH" || \
sed -ri 's,(PMD_SNOW3G=)n,\1y,' $1/.config
test -z "$LIBSSO_KASUMI_PATH" || \
sed -ri 's,(PMD_KASUMI=)n,\1y,' $1/.config
- test -z "$LIBSSO_ZUC_PATH" || \
- sed -ri 's,(PMD_ZUC=)n,\1y,' $1/.config
test "$DPDK_DEP_SSL" != y || \
sed -ri 's,(PMD_CCP=)n,\1y,' $1/.config
test "$DPDK_DEP_SSL" != y || \
diff --git a/doc/guides/cryptodevs/zuc.rst b/doc/guides/cryptodevs/zuc.rst
index e38989968..d4001b1f4 100644
--- a/doc/guides/cryptodevs/zuc.rst
+++ b/doc/guides/cryptodevs/zuc.rst
@@ -1,12 +1,12 @@
.. SPDX-License-Identifier: BSD-3-Clause
- Copyright(c) 2016 Intel Corporation.
+ Copyright(c) 2016-2019 Intel Corporation.
ZUC Crypto Poll Mode Driver
===========================
-The ZUC PMD (**librte_pmd_zuc**) provides poll mode crypto driver
-support for utilizing Intel Libsso library, which implements F8 and F9 functions
-for ZUC EEA3 cipher and EIA3 hash algorithms.
+The ZUC PMD (**librte_pmd_zuc**) provides poll mode crypto driver support for
+utilizing `Intel IPSec Multi-buffer library <https://github.com/01org/intel-ipsec-mb>`_
+which implements F8 and F9 functions for ZUC EEA3 cipher and EIA3 hash algorithms.
Features
--------
@@ -27,36 +27,46 @@ Limitations
* Chained mbufs are not supported.
* ZUC (EIA3) supported only if hash offset field is byte-aligned.
* ZUC (EEA3) supported only if cipher length, cipher offset fields are byte-aligned.
-* ZUC PMD cannot be built as a shared library, due to limitations in
- in the underlying library.
Installation
------------
-To build DPDK with the ZUC_PMD the user is required to download
-the export controlled ``libsso_zuc`` library, by registering in
-`Intel Resource & Design Center <https://www.intel.com/content/www/us/en/design/resource-design-center.html>`_.
-Once approval has been granted, the user needs to search for
-*ZUC 128-EAA3 and 128-EIA3 3GPP cryptographic algorithms Software Library* to download the
-library or directly through this `link <https://cdrdv2.intel.com/v1/dl/getContent/575868>`_.
+To build DPDK with the ZUC_PMD the user is required to download the multi-buffer
+library from `here <https://github.com/01org/intel-ipsec-mb>`_
+and compile it on their user system before building DPDK.
+The latest version of the library supported by this PMD is v0.53, which
+can be downloaded from `<https://github.com/01org/intel-ipsec-mb/archive/v0.53.zip>`_.
+
After downloading the library, the user needs to unpack and compile it
-on their system before building DPDK::
+on their system before building DPDK:
+
+.. code-block:: console
+
+ make
+ make install
+
+As a reference, the following table shows a mapping between the past DPDK versions
+and the external crypto libraries supported by them:
+
+.. _table_zuc_versions:
+
+.. table:: DPDK and external crypto library version compatibility
+
+ ============= ================================
+ DPDK version Crypto library version
+ ============= ================================
+ 16.11 - 19.11 LibSSO ZUC
+ 20.02+ Multi-buffer library 0.53
+ ============= ================================
- make
Initialization
--------------
In order to enable this virtual crypto PMD, user must:
-* Export the environmental variable LIBSSO_ZUC_PATH with the path where
- the library was extracted (zuc folder).
-
-* Export the environmental variable LD_LIBRARY_PATH with the path
- where the built libsso library is (LIBSSO_ZUC_PATH/build).
-
-* Build the LIBSSO_ZUC library (explained in Installation section).
+* Build the multi buffer library (explained in Installation section).
* Build DPDK as follows:
diff --git a/drivers/crypto/zuc/Makefile b/drivers/crypto/zuc/Makefile
index 68d84eebc..cc0d7943b 100644
--- a/drivers/crypto/zuc/Makefile
+++ b/drivers/crypto/zuc/Makefile
@@ -1,14 +1,8 @@
# SPDX-License-Identifier: BSD-3-Clause
-# Copyright(c) 2016 Intel Corporation
+# Copyright(c) 2016-2019 Intel Corporation
include $(RTE_SDK)/mk/rte.vars.mk
-ifneq ($(MAKECMDGOALS),clean)
-ifeq ($(LIBSSO_ZUC_PATH),)
-$(error "Please define LIBSSO_ZUC_PATH environment variable")
-endif
-endif
-
# library name
LIB = librte_pmd_zuc.a
@@ -23,14 +17,26 @@ LIBABIVER := 1
EXPORT_MAP := rte_pmd_zuc_version.map
# external library dependencies
-CFLAGS += -I$(LIBSSO_ZUC_PATH)
-CFLAGS += -I$(LIBSSO_ZUC_PATH)/include
-CFLAGS += -I$(LIBSSO_ZUC_PATH)/build
-LDLIBS += -L$(LIBSSO_ZUC_PATH)/build -lsso_zuc
+LDLIBS += -lIPSec_MB
LDLIBS += -lrte_eal -lrte_mbuf -lrte_mempool -lrte_ring
LDLIBS += -lrte_cryptodev
LDLIBS += -lrte_bus_vdev
+IMB_HDR = $(shell echo '\#include <intel-ipsec-mb.h>' | \
+ $(CC) -E $(EXTRA_CFLAGS) - | grep 'intel-ipsec-mb.h' | \
+ head -n1 | cut -d'"' -f2)
+
+# Detect library version
+IMB_VERSION = $(shell grep -e "IMB_VERSION_STR" $(IMB_HDR) | cut -d'"' -f2)
+IMB_VERSION_NUM = $(shell grep -e "IMB_VERSION_NUM" $(IMB_HDR) | cut -d' ' -f3)
+
+ifeq ($(IMB_VERSION),)
+$(error "IPSec_MB version >= 0.53 is required")
+endif
+
+ifeq ($(shell expr $(IMB_VERSION_NUM) \< 0x3400), 1)
+$(error "IPSec_MB version >= 0.53 is required")
+endif
# library source files
SRCS-$(CONFIG_RTE_LIBRTE_PMD_ZUC) += rte_zuc_pmd.c
SRCS-$(CONFIG_RTE_LIBRTE_PMD_ZUC) += rte_zuc_pmd_ops.c
diff --git a/drivers/crypto/zuc/meson.build b/drivers/crypto/zuc/meson.build
index b8ca7107e..f0fcd8246 100644
--- a/drivers/crypto/zuc/meson.build
+++ b/drivers/crypto/zuc/meson.build
@@ -1,11 +1,20 @@
# SPDX-License-Identifier: BSD-3-Clause
-# Copyright(c) 2018 Intel Corporation
+# Copyright(c) 2018-2020 Intel Corporation
-lib = cc.find_library('libsso_zuc', required: false)
+IMB_required_ver = '0.53.0'
+lib = cc.find_library('IPSec_MB', required: false)
if not lib.found()
build = false
else
ext_deps += lib
+ # version comes with quotes, so we split based on " and take the middle
+ imb_ver = cc.get_define('IMB_VERSION_STR',
+ prefix : '#include<intel-ipsec-mb.h>').split('"')[1]
+
+ if (imb_ver == '') or (imb_ver.version_compare('<' + IMB_required_ver))
+ build = false
+ endif
+
endif
sources = files('rte_zuc_pmd.c', 'rte_zuc_pmd_ops.c')
diff --git a/drivers/crypto/zuc/rte_zuc_pmd.c b/drivers/crypto/zuc/rte_zuc_pmd.c
index 313f4590b..c880eea7c 100644
--- a/drivers/crypto/zuc/rte_zuc_pmd.c
+++ b/drivers/crypto/zuc/rte_zuc_pmd.c
@@ -11,7 +11,7 @@
#include <rte_cpuflags.h>
#include "rte_zuc_pmd_private.h"
-#define ZUC_MAX_BURST 4
+#define ZUC_MAX_BURST 16
#define BYTE_LEN 8
static uint8_t cryptodev_driver_id;
@@ -169,16 +169,17 @@ zuc_get_session(struct zuc_qp *qp, struct rte_crypto_op *op)
/** Encrypt/decrypt mbufs. */
static uint8_t
-process_zuc_cipher_op(struct rte_crypto_op **ops,
+process_zuc_cipher_op(struct zuc_qp *qp, struct rte_crypto_op **ops,
struct zuc_session **sessions,
uint8_t num_ops)
{
unsigned i;
uint8_t processed_ops = 0;
- uint8_t *src[ZUC_MAX_BURST], *dst[ZUC_MAX_BURST];
- uint8_t *iv[ZUC_MAX_BURST];
+ const void *src[ZUC_MAX_BURST];
+ void *dst[ZUC_MAX_BURST];
+ const void *iv[ZUC_MAX_BURST];
uint32_t num_bytes[ZUC_MAX_BURST];
- uint8_t *cipher_keys[ZUC_MAX_BURST];
+ const void *cipher_keys[ZUC_MAX_BURST];
struct zuc_session *sess;
for (i = 0; i < num_ops; i++) {
@@ -221,7 +222,8 @@ process_zuc_cipher_op(struct rte_crypto_op **ops,
processed_ops++;
}
- sso_zuc_eea3_n_buffer(cipher_keys, iv, src, dst,
+ IMB_ZUC_EEA3_N_BUFFER(qp->mb_mgr, (const void **)cipher_keys,
+ (const void **)iv, (const void **)src, (void **)dst,
num_bytes, processed_ops);
return processed_ops;
@@ -261,7 +263,7 @@ process_zuc_hash_op(struct zuc_qp *qp, struct rte_crypto_op **ops,
if (sess->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) {
dst = (uint32_t *)qp->temp_digest;
- sso_zuc_eia3_1_buffer(sess->pKey_hash,
+ IMB_ZUC_EIA3_1_BUFFER(qp->mb_mgr, sess->pKey_hash,
iv, src,
length_in_bits, dst);
/* Verify digest. */
@@ -271,7 +273,7 @@ process_zuc_hash_op(struct zuc_qp *qp, struct rte_crypto_op **ops,
} else {
dst = (uint32_t *)ops[i]->sym->auth.digest.data;
- sso_zuc_eia3_1_buffer(sess->pKey_hash,
+ IMB_ZUC_EIA3_1_BUFFER(qp->mb_mgr, sess->pKey_hash,
iv, src,
length_in_bits, dst);
}
@@ -293,7 +295,7 @@ process_ops(struct rte_crypto_op **ops, enum zuc_operation op_type,
switch (op_type) {
case ZUC_OP_ONLY_CIPHER:
- processed_ops = process_zuc_cipher_op(ops,
+ processed_ops = process_zuc_cipher_op(qp, ops,
sessions, num_ops);
break;
case ZUC_OP_ONLY_AUTH:
@@ -301,14 +303,14 @@ process_ops(struct rte_crypto_op **ops, enum zuc_operation op_type,
num_ops);
break;
case ZUC_OP_CIPHER_AUTH:
- processed_ops = process_zuc_cipher_op(ops, sessions,
+ processed_ops = process_zuc_cipher_op(qp, ops, sessions,
num_ops);
process_zuc_hash_op(qp, ops, sessions, processed_ops);
break;
case ZUC_OP_AUTH_CIPHER:
processed_ops = process_zuc_hash_op(qp, ops, sessions,
num_ops);
- process_zuc_cipher_op(ops, sessions, processed_ops);
+ process_zuc_cipher_op(qp, ops, sessions, processed_ops);
break;
default:
/* Operation not supported. */
@@ -455,8 +457,7 @@ cryptodev_zuc_create(const char *name,
{
struct rte_cryptodev *dev;
struct zuc_private *internals;
- uint64_t cpu_flags = RTE_CRYPTODEV_FF_CPU_SSE;
-
+ MB_MGR *mb_mgr;
dev = rte_cryptodev_pmd_create(name, &vdev->device, init_params);
if (dev == NULL) {
@@ -464,6 +465,27 @@ cryptodev_zuc_create(const char *name,
goto init_error;
}
+ dev->feature_flags = RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO |
+ RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING;
+
+ mb_mgr = alloc_mb_mgr(0);
+ if (mb_mgr == NULL)
+ return -ENOMEM;
+
+ if (rte_cpu_get_flag_enabled(RTE_CPUFLAG_AVX512F)) {
+ dev->feature_flags |= RTE_CRYPTODEV_FF_CPU_AVX512;
+ init_mb_mgr_avx512(mb_mgr);
+ } else if (rte_cpu_get_flag_enabled(RTE_CPUFLAG_AVX2)) {
+ dev->feature_flags |= RTE_CRYPTODEV_FF_CPU_AVX2;
+ init_mb_mgr_avx2(mb_mgr);
+ } else if (rte_cpu_get_flag_enabled(RTE_CPUFLAG_AVX)) {
+ dev->feature_flags |= RTE_CRYPTODEV_FF_CPU_AVX;
+ init_mb_mgr_avx(mb_mgr);
+ } else {
+ dev->feature_flags |= RTE_CRYPTODEV_FF_CPU_SSE;
+ init_mb_mgr_sse(mb_mgr);
+ }
+
dev->driver_id = cryptodev_driver_id;
dev->dev_ops = rte_zuc_pmd_ops;
@@ -471,11 +493,8 @@ cryptodev_zuc_create(const char *name,
dev->dequeue_burst = zuc_pmd_dequeue_burst;
dev->enqueue_burst = zuc_pmd_enqueue_burst;
- dev->feature_flags = RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO |
- RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING |
- cpu_flags;
-
internals = dev->data->dev_private;
+ internals->mb_mgr = mb_mgr;
internals->max_nb_queue_pairs = init_params->max_nb_queue_pairs;
@@ -516,6 +535,7 @@ cryptodev_zuc_remove(struct rte_vdev_device *vdev)
struct rte_cryptodev *cryptodev;
const char *name;
+ struct zuc_private *internals;
name = rte_vdev_device_name(vdev);
if (name == NULL)
@@ -525,6 +545,10 @@ cryptodev_zuc_remove(struct rte_vdev_device *vdev)
if (cryptodev == NULL)
return -ENODEV;
+ internals = cryptodev->data->dev_private;
+
+ free_mb_mgr(internals->mb_mgr);
+
return rte_cryptodev_pmd_destroy(cryptodev);
}
diff --git a/drivers/crypto/zuc/rte_zuc_pmd_ops.c b/drivers/crypto/zuc/rte_zuc_pmd_ops.c
index 6da396542..14a831867 100644
--- a/drivers/crypto/zuc/rte_zuc_pmd_ops.c
+++ b/drivers/crypto/zuc/rte_zuc_pmd_ops.c
@@ -196,6 +196,7 @@ zuc_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
int socket_id, struct rte_mempool *session_pool)
{
struct zuc_qp *qp = NULL;
+ struct zuc_private *internals = dev->data->dev_private;
/* Free memory prior to re-allocation if needed. */
if (dev->data->queue_pairs[qp_id] != NULL)
@@ -218,6 +219,7 @@ zuc_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
if (qp->processed_ops == NULL)
goto qp_setup_cleanup;
+ qp->mb_mgr = internals->mb_mgr;
qp->sess_mp = session_pool;
memset(&qp->qp_stats, 0, sizeof(qp->qp_stats));
diff --git a/drivers/crypto/zuc/rte_zuc_pmd_private.h b/drivers/crypto/zuc/rte_zuc_pmd_private.h
index 5e5906ddb..e049df377 100644
--- a/drivers/crypto/zuc/rte_zuc_pmd_private.h
+++ b/drivers/crypto/zuc/rte_zuc_pmd_private.h
@@ -5,7 +5,7 @@
#ifndef _RTE_ZUC_PMD_PRIVATE_H_
#define _RTE_ZUC_PMD_PRIVATE_H_
-#include <sso_zuc.h>
+#include <intel-ipsec-mb.h>
#define CRYPTODEV_NAME_ZUC_PMD crypto_zuc
/**< KASUMI PMD device name */
@@ -24,6 +24,8 @@ int zuc_logtype_driver;
struct zuc_private {
unsigned max_nb_queue_pairs;
/**< Max number of queue pairs supported by device */
+ MB_MGR *mb_mgr;
+ /**< Multi-buffer instance */
};
/** ZUC buffer queue pair */
@@ -43,6 +45,8 @@ struct zuc_qp {
* by the driver when verifying a digest provided
* by the user (using authentication verify operation)
*/
+ MB_MGR *mb_mgr;
+ /**< Multi-buffer instance */
} __rte_cache_aligned;
enum zuc_operation {
diff --git a/mk/rte.app.mk b/mk/rte.app.mk
index 5699d979d..7c04ee490 100644
--- a/mk/rte.app.mk
+++ b/mk/rte.app.mk
@@ -233,7 +233,7 @@ _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_SNOW3G) += -L$(LIBSSO_SNOW3G_PATH)/build -l
_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_KASUMI) += -lrte_pmd_kasumi
_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_KASUMI) += -L$(LIBSSO_KASUMI_PATH)/build -lsso_kasumi
_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ZUC) += -lrte_pmd_zuc
-_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ZUC) += -L$(LIBSSO_ZUC_PATH)/build -lsso_zuc
+_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ZUC) += -lIPSec_MB
_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ARMV8_CRYPTO) += -lrte_pmd_armv8
_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ARMV8_CRYPTO) += -L$(ARMV8_CRYPTO_LIB_PATH) -larmv8_crypto
_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_MVSAM_CRYPTO) += -L$(LIBMUSDK_PATH)/lib -lrte_pmd_mvsam_crypto -lmusdk
--
2.24.1
next prev parent reply other threads:[~2020-03-05 17:09 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-03-05 15:34 [dpdk-dev] [RFC PATCH 0/5] Support Intel IPSec MB v0.53 in DPDK 18.11 Pablo de Lara
2020-03-05 15:34 ` Pablo de Lara [this message]
2020-03-05 15:34 ` [dpdk-dev] [RFC PATCH 2/5] crypto/snow3g: use IPSec MB library v0.53 Pablo de Lara
2020-03-05 15:34 ` [dpdk-dev] [RFC PATCH 3/5] crypto/kasumi: " Pablo de Lara
2020-03-05 15:34 ` [dpdk-dev] [RFC PATCH 4/5] crypto/aesni_mb: support " Pablo de Lara
2020-03-05 15:34 ` [dpdk-dev] [RFC PATCH 5/5] crypto/aesni_gcm: " Pablo de Lara
2020-03-19 14:32 ` [dpdk-dev] [RFC PATCH 0/5] Support Intel IPSec MB v0.53 in DPDK 18.11 Kevin Traynor
2020-03-20 15:14 ` De Lara Guarch, Pablo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200305153454.724874-2-pablo.de.lara.guarch@intel.com \
--to=pablo.de.lara.guarch@intel.com \
--cc=dev@dpdk.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).