From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id DE65EA0564; Thu, 5 Mar 2020 18:09:48 +0100 (CET) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 5EBC71BFDA; Thu, 5 Mar 2020 18:09:40 +0100 (CET) Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) by dpdk.org (Postfix) with ESMTP id 3282F2BA8 for ; Thu, 5 Mar 2020 18:09:37 +0100 (CET) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by orsmga105.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 05 Mar 2020 09:09:36 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.70,518,1574150400"; d="scan'208";a="275173376" Received: from silpixa00400565.ir.intel.com (HELO silpixa00400565.ger.corp.intel.com) ([10.237.222.249]) by fmsmga002.fm.intel.com with ESMTP; 05 Mar 2020 09:09:35 -0800 From: Pablo de Lara To: dev@dpdk.org Cc: Pablo de Lara Date: Thu, 5 Mar 2020 15:34:50 +0000 Message-Id: <20200305153454.724874-2-pablo.de.lara.guarch@intel.com> X-Mailer: git-send-email 2.24.1 In-Reply-To: <20200305153454.724874-1-pablo.de.lara.guarch@intel.com> References: <20200305153454.724874-1-pablo.de.lara.guarch@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Subject: [dpdk-dev] [RFC PATCH 1/5] crypto/zuc: use IPSec MB library v0.53 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Link against Intel IPSec Multi-buffer library, which added support for ZUC-EEA3 and ZUC-EIA3 from version v0.53, moving from libSSO ZUC library. Signed-off-by: Pablo de Lara --- devtools/test-build.sh | 6 +-- doc/guides/cryptodevs/zuc.rst | 52 ++++++++++++--------- drivers/crypto/zuc/Makefile | 28 +++++++----- drivers/crypto/zuc/meson.build | 13 +++++- drivers/crypto/zuc/rte_zuc_pmd.c | 58 +++++++++++++++++------- drivers/crypto/zuc/rte_zuc_pmd_ops.c | 2 + drivers/crypto/zuc/rte_zuc_pmd_private.h | 6 ++- mk/rte.app.mk | 2 +- 8 files changed, 110 insertions(+), 57 deletions(-) diff --git a/devtools/test-build.sh b/devtools/test-build.sh index 42f4ad003..911f77e01 100755 --- a/devtools/test-build.sh +++ b/devtools/test-build.sh @@ -25,7 +25,6 @@ default_path=$PATH # - LIBMUSDK_PATH # - LIBSSO_SNOW3G_PATH # - LIBSSO_KASUMI_PATH -# - LIBSSO_ZUC_PATH . $(dirname $(readlink -e $0))/load-devel-config print_usage () { @@ -111,7 +110,6 @@ reset_env () unset LIBMUSDK_PATH unset LIBSSO_SNOW3G_PATH unset LIBSSO_KASUMI_PATH - unset LIBSSO_ZUC_PATH unset PQOS_INSTALL_PATH } @@ -165,12 +163,12 @@ config () # sed -ri 's,(PMD_AESNI_MB=)n,\1y,' $1/.config test "$DPDK_DEP_IPSEC_MB" != y || \ sed -ri 's,(PMD_AESNI_GCM=)n,\1y,' $1/.config + test "$DPDK_DEP_IPSEC_MB" != y || \ + sed -ri 's,(PMD_ZUC=)n,\1y,' $1/.config test -z "$LIBSSO_SNOW3G_PATH" || \ sed -ri 's,(PMD_SNOW3G=)n,\1y,' $1/.config test -z "$LIBSSO_KASUMI_PATH" || \ sed -ri 's,(PMD_KASUMI=)n,\1y,' $1/.config - test -z "$LIBSSO_ZUC_PATH" || \ - sed -ri 's,(PMD_ZUC=)n,\1y,' $1/.config test "$DPDK_DEP_SSL" != y || \ sed -ri 's,(PMD_CCP=)n,\1y,' $1/.config test "$DPDK_DEP_SSL" != y || \ diff --git a/doc/guides/cryptodevs/zuc.rst b/doc/guides/cryptodevs/zuc.rst index e38989968..d4001b1f4 100644 --- a/doc/guides/cryptodevs/zuc.rst +++ b/doc/guides/cryptodevs/zuc.rst @@ -1,12 +1,12 @@ .. SPDX-License-Identifier: BSD-3-Clause - Copyright(c) 2016 Intel Corporation. + Copyright(c) 2016-2019 Intel Corporation. ZUC Crypto Poll Mode Driver =========================== -The ZUC PMD (**librte_pmd_zuc**) provides poll mode crypto driver -support for utilizing Intel Libsso library, which implements F8 and F9 functions -for ZUC EEA3 cipher and EIA3 hash algorithms. +The ZUC PMD (**librte_pmd_zuc**) provides poll mode crypto driver support for +utilizing `Intel IPSec Multi-buffer library `_ +which implements F8 and F9 functions for ZUC EEA3 cipher and EIA3 hash algorithms. Features -------- @@ -27,36 +27,46 @@ Limitations * Chained mbufs are not supported. * ZUC (EIA3) supported only if hash offset field is byte-aligned. * ZUC (EEA3) supported only if cipher length, cipher offset fields are byte-aligned. -* ZUC PMD cannot be built as a shared library, due to limitations in - in the underlying library. Installation ------------ -To build DPDK with the ZUC_PMD the user is required to download -the export controlled ``libsso_zuc`` library, by registering in -`Intel Resource & Design Center `_. -Once approval has been granted, the user needs to search for -*ZUC 128-EAA3 and 128-EIA3 3GPP cryptographic algorithms Software Library* to download the -library or directly through this `link `_. +To build DPDK with the ZUC_PMD the user is required to download the multi-buffer +library from `here `_ +and compile it on their user system before building DPDK. +The latest version of the library supported by this PMD is v0.53, which +can be downloaded from ``_. + After downloading the library, the user needs to unpack and compile it -on their system before building DPDK:: +on their system before building DPDK: + +.. code-block:: console + + make + make install + +As a reference, the following table shows a mapping between the past DPDK versions +and the external crypto libraries supported by them: + +.. _table_zuc_versions: + +.. table:: DPDK and external crypto library version compatibility + + ============= ================================ + DPDK version Crypto library version + ============= ================================ + 16.11 - 19.11 LibSSO ZUC + 20.02+ Multi-buffer library 0.53 + ============= ================================ - make Initialization -------------- In order to enable this virtual crypto PMD, user must: -* Export the environmental variable LIBSSO_ZUC_PATH with the path where - the library was extracted (zuc folder). - -* Export the environmental variable LD_LIBRARY_PATH with the path - where the built libsso library is (LIBSSO_ZUC_PATH/build). - -* Build the LIBSSO_ZUC library (explained in Installation section). +* Build the multi buffer library (explained in Installation section). * Build DPDK as follows: diff --git a/drivers/crypto/zuc/Makefile b/drivers/crypto/zuc/Makefile index 68d84eebc..cc0d7943b 100644 --- a/drivers/crypto/zuc/Makefile +++ b/drivers/crypto/zuc/Makefile @@ -1,14 +1,8 @@ # SPDX-License-Identifier: BSD-3-Clause -# Copyright(c) 2016 Intel Corporation +# Copyright(c) 2016-2019 Intel Corporation include $(RTE_SDK)/mk/rte.vars.mk -ifneq ($(MAKECMDGOALS),clean) -ifeq ($(LIBSSO_ZUC_PATH),) -$(error "Please define LIBSSO_ZUC_PATH environment variable") -endif -endif - # library name LIB = librte_pmd_zuc.a @@ -23,14 +17,26 @@ LIBABIVER := 1 EXPORT_MAP := rte_pmd_zuc_version.map # external library dependencies -CFLAGS += -I$(LIBSSO_ZUC_PATH) -CFLAGS += -I$(LIBSSO_ZUC_PATH)/include -CFLAGS += -I$(LIBSSO_ZUC_PATH)/build -LDLIBS += -L$(LIBSSO_ZUC_PATH)/build -lsso_zuc +LDLIBS += -lIPSec_MB LDLIBS += -lrte_eal -lrte_mbuf -lrte_mempool -lrte_ring LDLIBS += -lrte_cryptodev LDLIBS += -lrte_bus_vdev +IMB_HDR = $(shell echo '\#include ' | \ + $(CC) -E $(EXTRA_CFLAGS) - | grep 'intel-ipsec-mb.h' | \ + head -n1 | cut -d'"' -f2) + +# Detect library version +IMB_VERSION = $(shell grep -e "IMB_VERSION_STR" $(IMB_HDR) | cut -d'"' -f2) +IMB_VERSION_NUM = $(shell grep -e "IMB_VERSION_NUM" $(IMB_HDR) | cut -d' ' -f3) + +ifeq ($(IMB_VERSION),) +$(error "IPSec_MB version >= 0.53 is required") +endif + +ifeq ($(shell expr $(IMB_VERSION_NUM) \< 0x3400), 1) +$(error "IPSec_MB version >= 0.53 is required") +endif # library source files SRCS-$(CONFIG_RTE_LIBRTE_PMD_ZUC) += rte_zuc_pmd.c SRCS-$(CONFIG_RTE_LIBRTE_PMD_ZUC) += rte_zuc_pmd_ops.c diff --git a/drivers/crypto/zuc/meson.build b/drivers/crypto/zuc/meson.build index b8ca7107e..f0fcd8246 100644 --- a/drivers/crypto/zuc/meson.build +++ b/drivers/crypto/zuc/meson.build @@ -1,11 +1,20 @@ # SPDX-License-Identifier: BSD-3-Clause -# Copyright(c) 2018 Intel Corporation +# Copyright(c) 2018-2020 Intel Corporation -lib = cc.find_library('libsso_zuc', required: false) +IMB_required_ver = '0.53.0' +lib = cc.find_library('IPSec_MB', required: false) if not lib.found() build = false else ext_deps += lib + # version comes with quotes, so we split based on " and take the middle + imb_ver = cc.get_define('IMB_VERSION_STR', + prefix : '#include').split('"')[1] + + if (imb_ver == '') or (imb_ver.version_compare('<' + IMB_required_ver)) + build = false + endif + endif sources = files('rte_zuc_pmd.c', 'rte_zuc_pmd_ops.c') diff --git a/drivers/crypto/zuc/rte_zuc_pmd.c b/drivers/crypto/zuc/rte_zuc_pmd.c index 313f4590b..c880eea7c 100644 --- a/drivers/crypto/zuc/rte_zuc_pmd.c +++ b/drivers/crypto/zuc/rte_zuc_pmd.c @@ -11,7 +11,7 @@ #include #include "rte_zuc_pmd_private.h" -#define ZUC_MAX_BURST 4 +#define ZUC_MAX_BURST 16 #define BYTE_LEN 8 static uint8_t cryptodev_driver_id; @@ -169,16 +169,17 @@ zuc_get_session(struct zuc_qp *qp, struct rte_crypto_op *op) /** Encrypt/decrypt mbufs. */ static uint8_t -process_zuc_cipher_op(struct rte_crypto_op **ops, +process_zuc_cipher_op(struct zuc_qp *qp, struct rte_crypto_op **ops, struct zuc_session **sessions, uint8_t num_ops) { unsigned i; uint8_t processed_ops = 0; - uint8_t *src[ZUC_MAX_BURST], *dst[ZUC_MAX_BURST]; - uint8_t *iv[ZUC_MAX_BURST]; + const void *src[ZUC_MAX_BURST]; + void *dst[ZUC_MAX_BURST]; + const void *iv[ZUC_MAX_BURST]; uint32_t num_bytes[ZUC_MAX_BURST]; - uint8_t *cipher_keys[ZUC_MAX_BURST]; + const void *cipher_keys[ZUC_MAX_BURST]; struct zuc_session *sess; for (i = 0; i < num_ops; i++) { @@ -221,7 +222,8 @@ process_zuc_cipher_op(struct rte_crypto_op **ops, processed_ops++; } - sso_zuc_eea3_n_buffer(cipher_keys, iv, src, dst, + IMB_ZUC_EEA3_N_BUFFER(qp->mb_mgr, (const void **)cipher_keys, + (const void **)iv, (const void **)src, (void **)dst, num_bytes, processed_ops); return processed_ops; @@ -261,7 +263,7 @@ process_zuc_hash_op(struct zuc_qp *qp, struct rte_crypto_op **ops, if (sess->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) { dst = (uint32_t *)qp->temp_digest; - sso_zuc_eia3_1_buffer(sess->pKey_hash, + IMB_ZUC_EIA3_1_BUFFER(qp->mb_mgr, sess->pKey_hash, iv, src, length_in_bits, dst); /* Verify digest. */ @@ -271,7 +273,7 @@ process_zuc_hash_op(struct zuc_qp *qp, struct rte_crypto_op **ops, } else { dst = (uint32_t *)ops[i]->sym->auth.digest.data; - sso_zuc_eia3_1_buffer(sess->pKey_hash, + IMB_ZUC_EIA3_1_BUFFER(qp->mb_mgr, sess->pKey_hash, iv, src, length_in_bits, dst); } @@ -293,7 +295,7 @@ process_ops(struct rte_crypto_op **ops, enum zuc_operation op_type, switch (op_type) { case ZUC_OP_ONLY_CIPHER: - processed_ops = process_zuc_cipher_op(ops, + processed_ops = process_zuc_cipher_op(qp, ops, sessions, num_ops); break; case ZUC_OP_ONLY_AUTH: @@ -301,14 +303,14 @@ process_ops(struct rte_crypto_op **ops, enum zuc_operation op_type, num_ops); break; case ZUC_OP_CIPHER_AUTH: - processed_ops = process_zuc_cipher_op(ops, sessions, + processed_ops = process_zuc_cipher_op(qp, ops, sessions, num_ops); process_zuc_hash_op(qp, ops, sessions, processed_ops); break; case ZUC_OP_AUTH_CIPHER: processed_ops = process_zuc_hash_op(qp, ops, sessions, num_ops); - process_zuc_cipher_op(ops, sessions, processed_ops); + process_zuc_cipher_op(qp, ops, sessions, processed_ops); break; default: /* Operation not supported. */ @@ -455,8 +457,7 @@ cryptodev_zuc_create(const char *name, { struct rte_cryptodev *dev; struct zuc_private *internals; - uint64_t cpu_flags = RTE_CRYPTODEV_FF_CPU_SSE; - + MB_MGR *mb_mgr; dev = rte_cryptodev_pmd_create(name, &vdev->device, init_params); if (dev == NULL) { @@ -464,6 +465,27 @@ cryptodev_zuc_create(const char *name, goto init_error; } + dev->feature_flags = RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO | + RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING; + + mb_mgr = alloc_mb_mgr(0); + if (mb_mgr == NULL) + return -ENOMEM; + + if (rte_cpu_get_flag_enabled(RTE_CPUFLAG_AVX512F)) { + dev->feature_flags |= RTE_CRYPTODEV_FF_CPU_AVX512; + init_mb_mgr_avx512(mb_mgr); + } else if (rte_cpu_get_flag_enabled(RTE_CPUFLAG_AVX2)) { + dev->feature_flags |= RTE_CRYPTODEV_FF_CPU_AVX2; + init_mb_mgr_avx2(mb_mgr); + } else if (rte_cpu_get_flag_enabled(RTE_CPUFLAG_AVX)) { + dev->feature_flags |= RTE_CRYPTODEV_FF_CPU_AVX; + init_mb_mgr_avx(mb_mgr); + } else { + dev->feature_flags |= RTE_CRYPTODEV_FF_CPU_SSE; + init_mb_mgr_sse(mb_mgr); + } + dev->driver_id = cryptodev_driver_id; dev->dev_ops = rte_zuc_pmd_ops; @@ -471,11 +493,8 @@ cryptodev_zuc_create(const char *name, dev->dequeue_burst = zuc_pmd_dequeue_burst; dev->enqueue_burst = zuc_pmd_enqueue_burst; - dev->feature_flags = RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO | - RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING | - cpu_flags; - internals = dev->data->dev_private; + internals->mb_mgr = mb_mgr; internals->max_nb_queue_pairs = init_params->max_nb_queue_pairs; @@ -516,6 +535,7 @@ cryptodev_zuc_remove(struct rte_vdev_device *vdev) struct rte_cryptodev *cryptodev; const char *name; + struct zuc_private *internals; name = rte_vdev_device_name(vdev); if (name == NULL) @@ -525,6 +545,10 @@ cryptodev_zuc_remove(struct rte_vdev_device *vdev) if (cryptodev == NULL) return -ENODEV; + internals = cryptodev->data->dev_private; + + free_mb_mgr(internals->mb_mgr); + return rte_cryptodev_pmd_destroy(cryptodev); } diff --git a/drivers/crypto/zuc/rte_zuc_pmd_ops.c b/drivers/crypto/zuc/rte_zuc_pmd_ops.c index 6da396542..14a831867 100644 --- a/drivers/crypto/zuc/rte_zuc_pmd_ops.c +++ b/drivers/crypto/zuc/rte_zuc_pmd_ops.c @@ -196,6 +196,7 @@ zuc_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id, int socket_id, struct rte_mempool *session_pool) { struct zuc_qp *qp = NULL; + struct zuc_private *internals = dev->data->dev_private; /* Free memory prior to re-allocation if needed. */ if (dev->data->queue_pairs[qp_id] != NULL) @@ -218,6 +219,7 @@ zuc_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id, if (qp->processed_ops == NULL) goto qp_setup_cleanup; + qp->mb_mgr = internals->mb_mgr; qp->sess_mp = session_pool; memset(&qp->qp_stats, 0, sizeof(qp->qp_stats)); diff --git a/drivers/crypto/zuc/rte_zuc_pmd_private.h b/drivers/crypto/zuc/rte_zuc_pmd_private.h index 5e5906ddb..e049df377 100644 --- a/drivers/crypto/zuc/rte_zuc_pmd_private.h +++ b/drivers/crypto/zuc/rte_zuc_pmd_private.h @@ -5,7 +5,7 @@ #ifndef _RTE_ZUC_PMD_PRIVATE_H_ #define _RTE_ZUC_PMD_PRIVATE_H_ -#include +#include #define CRYPTODEV_NAME_ZUC_PMD crypto_zuc /**< KASUMI PMD device name */ @@ -24,6 +24,8 @@ int zuc_logtype_driver; struct zuc_private { unsigned max_nb_queue_pairs; /**< Max number of queue pairs supported by device */ + MB_MGR *mb_mgr; + /**< Multi-buffer instance */ }; /** ZUC buffer queue pair */ @@ -43,6 +45,8 @@ struct zuc_qp { * by the driver when verifying a digest provided * by the user (using authentication verify operation) */ + MB_MGR *mb_mgr; + /**< Multi-buffer instance */ } __rte_cache_aligned; enum zuc_operation { diff --git a/mk/rte.app.mk b/mk/rte.app.mk index 5699d979d..7c04ee490 100644 --- a/mk/rte.app.mk +++ b/mk/rte.app.mk @@ -233,7 +233,7 @@ _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_SNOW3G) += -L$(LIBSSO_SNOW3G_PATH)/build -l _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_KASUMI) += -lrte_pmd_kasumi _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_KASUMI) += -L$(LIBSSO_KASUMI_PATH)/build -lsso_kasumi _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ZUC) += -lrte_pmd_zuc -_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ZUC) += -L$(LIBSSO_ZUC_PATH)/build -lsso_zuc +_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ZUC) += -lIPSec_MB _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ARMV8_CRYPTO) += -lrte_pmd_armv8 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ARMV8_CRYPTO) += -L$(ARMV8_CRYPTO_LIB_PATH) -larmv8_crypto _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_MVSAM_CRYPTO) += -L$(LIBMUSDK_PATH)/lib -lrte_pmd_mvsam_crypto -lmusdk -- 2.24.1