From patchwork Wed Dec 11 14:20:42 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "De Lara Guarch, Pablo" X-Patchwork-Id: 63756 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id C174BA04F6; Wed, 11 Dec 2019 15:21:00 +0100 (CET) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 955511BE80; Wed, 11 Dec 2019 15:20:55 +0100 (CET) Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) by dpdk.org (Postfix) with ESMTP id DFDDE1BC25 for ; Wed, 11 Dec 2019 15:20:52 +0100 (CET) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga004.jf.intel.com ([10.7.209.38]) by orsmga104.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 11 Dec 2019 06:20:52 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.69,301,1571727600"; d="scan'208";a="363625665" Received: from silpixa00399593.ir.intel.com (HELO silpixa00399593.ger.corp.intel.com) ([10.237.223.21]) by orsmga004.jf.intel.com with ESMTP; 11 Dec 2019 06:20:51 -0800 From: Pablo de Lara To: akhil.goyal@nxp.com, declan.doherty@intel.com Cc: dev@dpdk.org, Pablo de Lara Date: Wed, 11 Dec 2019 14:20:42 +0000 Message-Id: <1576074044-250855-2-git-send-email-pablo.de.lara.guarch@intel.com> X-Mailer: git-send-email 2.7.5 In-Reply-To: <1576074044-250855-1-git-send-email-pablo.de.lara.guarch@intel.com> References: <1576074044-250855-1-git-send-email-pablo.de.lara.guarch@intel.com> Subject: [dpdk-dev] [PATCH 1/3] crypto/zuc: use IPSec library X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Link against Intel IPSec Multi-buffer library, which added support for ZUC-EEA3 and ZUC-EIA3 from version v0.53, moving from libSSO ZUC library. Signed-off-by: Pablo de Lara --- devtools/test-build.sh | 6 ++-- doc/guides/cryptodevs/zuc.rst | 52 ++++++++++++++++++++-------------- doc/guides/rel_notes/release_20_02.rst | 7 +++++ drivers/crypto/zuc/Makefile | 28 +++++++++++------- drivers/crypto/zuc/meson.build | 24 ++++++++++++---- drivers/crypto/zuc/rte_zuc_pmd.c | 43 +++++++++++++++++++--------- drivers/crypto/zuc/rte_zuc_pmd_ops.c | 2 ++ drivers/crypto/zuc/zuc_pmd_private.h | 6 +++- mk/rte.app.mk | 2 +- 9 files changed, 113 insertions(+), 57 deletions(-) diff --git a/devtools/test-build.sh b/devtools/test-build.sh index be565a1..afa0748 100755 --- a/devtools/test-build.sh +++ b/devtools/test-build.sh @@ -29,7 +29,6 @@ default_path=$PATH # - LIBMUSDK_PATH # - LIBSSO_SNOW3G_PATH # - LIBSSO_KASUMI_PATH -# - LIBSSO_ZUC_PATH . $(dirname $(readlink -f $0))/load-devel-config print_usage () { @@ -123,7 +122,6 @@ reset_env () unset LIBMUSDK_PATH unset LIBSSO_SNOW3G_PATH unset LIBSSO_KASUMI_PATH - unset LIBSSO_ZUC_PATH unset PQOS_INSTALL_PATH } @@ -183,12 +181,12 @@ config () # sed -ri="" 's,(PMD_AESNI_MB=)n,\1y,' $1/.config test "$DPDK_DEP_IPSEC_MB" != y || \ sed -ri="" 's,(PMD_AESNI_GCM=)n,\1y,' $1/.config + test "$DPDK_DEP_IPSEC_MB" != y || \ + sed -ri="" 's,(PMD_ZUC=)n,\1y,' $1/.config test -z "$LIBSSO_SNOW3G_PATH" || \ sed -ri="" 's,(PMD_SNOW3G=)n,\1y,' $1/.config test -z "$LIBSSO_KASUMI_PATH" || \ sed -ri="" 's,(PMD_KASUMI=)n,\1y,' $1/.config - test -z "$LIBSSO_ZUC_PATH" || \ - sed -ri="" 's,(PMD_ZUC=)n,\1y,' $1/.config test "$DPDK_DEP_SSL" != y || \ sed -ri="" 's,(PMD_CCP=)n,\1y,' $1/.config test "$DPDK_DEP_SSL" != y || \ diff --git a/doc/guides/cryptodevs/zuc.rst b/doc/guides/cryptodevs/zuc.rst index 002e986..23d618d 100644 --- a/doc/guides/cryptodevs/zuc.rst +++ b/doc/guides/cryptodevs/zuc.rst @@ -1,12 +1,12 @@ .. SPDX-License-Identifier: BSD-3-Clause - Copyright(c) 2016 Intel Corporation. + Copyright(c) 2016-2019 Intel Corporation. ZUC Crypto Poll Mode Driver =========================== -The ZUC PMD (**librte_pmd_zuc**) provides poll mode crypto driver -support for utilizing Intel Libsso library, which implements F8 and F9 functions -for ZUC EEA3 cipher and EIA3 hash algorithms. +The ZUC PMD (**librte_pmd_zuc**) provides poll mode crypto driver support for +utilizing `Intel IPSec Multi-buffer library `_ +which implements F8 and F9 functions for ZUC EEA3 cipher and EIA3 hash algorithms. Features -------- @@ -27,36 +27,46 @@ Limitations * Chained mbufs are not supported. * ZUC (EIA3) supported only if hash offset field is byte-aligned. * ZUC (EEA3) supported only if cipher length, cipher offset fields are byte-aligned. -* ZUC PMD cannot be built as a shared library, due to limitations in - the underlying library. Installation ------------ -To build DPDK with the ZUC_PMD the user is required to download -the export controlled ``libsso_zuc`` library, by registering in -`Intel Resource & Design Center `_. -Once approval has been granted, the user needs to search for -*ZUC 128-EAA3 and 128-EIA3 3GPP cryptographic algorithms Software Library* to download the -library or directly through this `link `_. +To build DPDK with the ZUC_PMD the user is required to download the multi-buffer +library from `here `_ +and compile it on their user system before building DPDK. +The latest version of the library supported by this PMD is v0.53, which +can be downloaded from ``_. + After downloading the library, the user needs to unpack and compile it -on their system before building DPDK:: +on their system before building DPDK: + +.. code-block:: console + + make + make install + +As a reference, the following table shows a mapping between the past DPDK versions +and the external crypto libraries supported by them: + +.. _table_zuc_versions: + +.. table:: DPDK and external crypto library version compatibility + + ============= ================================ + DPDK version Crypto library version + ============= ================================ + 16.11 - 19.11 LibSSO ZUC + 20.02+ Multi-buffer library 0.53 + ============= ================================ - make Initialization -------------- In order to enable this virtual crypto PMD, user must: -* Export the environmental variable LIBSSO_ZUC_PATH with the path where - the library was extracted (zuc folder). - -* Export the environmental variable LD_LIBRARY_PATH with the path - where the built libsso library is (LIBSSO_ZUC_PATH/build). - -* Build the LIBSSO_ZUC library (explained in Installation section). +* Build the multi buffer library (explained in Installation section). * Build DPDK as follows: diff --git a/doc/guides/rel_notes/release_20_02.rst b/doc/guides/rel_notes/release_20_02.rst index 0eaa45a..4216e0b 100644 --- a/doc/guides/rel_notes/release_20_02.rst +++ b/doc/guides/rel_notes/release_20_02.rst @@ -56,6 +56,13 @@ New Features Also, make sure to start the actual text at the margin. ========================================================= +* **Updated the ZUC PMD.** + + * Transistioned underlying library from libSSO ZUC to intel-ipsec-mb + library (minimum version required 0.53). + * Removed dynamic library limitation, so PMD can be built as a shared + object now. + Removed Items ------------- diff --git a/drivers/crypto/zuc/Makefile b/drivers/crypto/zuc/Makefile index a01bb6e..b50883b 100644 --- a/drivers/crypto/zuc/Makefile +++ b/drivers/crypto/zuc/Makefile @@ -1,14 +1,8 @@ # SPDX-License-Identifier: BSD-3-Clause -# Copyright(c) 2016 Intel Corporation +# Copyright(c) 2016-2019 Intel Corporation include $(RTE_SDK)/mk/rte.vars.mk -ifneq ($(MAKECMDGOALS),clean) -ifeq ($(LIBSSO_ZUC_PATH),) -$(error "Please define LIBSSO_ZUC_PATH environment variable") -endif -endif - # library name LIB = librte_pmd_zuc.a @@ -21,14 +15,26 @@ CFLAGS += -DALLOW_EXPERIMENTAL_API EXPORT_MAP := rte_pmd_zuc_version.map # external library dependencies -CFLAGS += -I$(LIBSSO_ZUC_PATH) -CFLAGS += -I$(LIBSSO_ZUC_PATH)/include -CFLAGS += -I$(LIBSSO_ZUC_PATH)/build -LDLIBS += -L$(LIBSSO_ZUC_PATH)/build -lsso_zuc +LDLIBS += -lIPSec_MB LDLIBS += -lrte_eal -lrte_mbuf -lrte_mempool -lrte_ring LDLIBS += -lrte_cryptodev LDLIBS += -lrte_bus_vdev +IMB_HDR = $(shell echo '\#include ' | \ + $(CC) -E $(EXTRA_CFLAGS) - | grep 'intel-ipsec-mb.h' | \ + head -n1 | cut -d'"' -f2) + +# Detect library version +IMB_VERSION = $(shell grep -e "IMB_VERSION_STR" $(IMB_HDR) | cut -d'"' -f2) +IMB_VERSION_NUM = $(shell grep -e "IMB_VERSION_NUM" $(IMB_HDR) | cut -d' ' -f3) + +ifeq ($(IMB_VERSION),) +$(error "IPSec_MB version >= 0.53 is required") +endif + +ifeq ($(shell expr $(IMB_VERSION_NUM) \< 0x3400), 1) +$(error "IPSec_MB version >= 0.53 is required") +endif # library source files SRCS-$(CONFIG_RTE_LIBRTE_PMD_ZUC) += rte_zuc_pmd.c SRCS-$(CONFIG_RTE_LIBRTE_PMD_ZUC) += rte_zuc_pmd_ops.c diff --git a/drivers/crypto/zuc/meson.build b/drivers/crypto/zuc/meson.build index b231de0..b7098a3 100644 --- a/drivers/crypto/zuc/meson.build +++ b/drivers/crypto/zuc/meson.build @@ -1,14 +1,26 @@ # SPDX-License-Identifier: BSD-3-Clause -# Copyright(c) 2018 Intel Corporation +# Copyright(c) 2018-2019 Intel Corporation -lib = cc.find_library('sso_zuc', required: false) -if not lib.found() or not cc.has_header('sso_zuc.h') +IMB_required_ver = '0.53.0' +lib = cc.find_library('IPSec_MB', required: false) +if not lib.found() build = false - reason = 'missing dependency, "libsso_zuc"' - subdir_done() + reason = 'missing dependency, "libIPSec_MB"' +else + ext_deps += lib + + # version comes with quotes, so we split based on " and take the middle + imb_ver = cc.get_define('IMB_VERSION_STR', + prefix : '#include').split('"')[1] + + if (imb_ver == '') or (imb_ver.version_compare('<' + IMB_required_ver)) + message('IPSec_MB version >= @0@ is required, found version @1@'.format( + IMB_required_ver, imb_ver)) + build = false + endif + endif allow_experimental_apis = true -ext_deps += lib sources = files('rte_zuc_pmd.c', 'rte_zuc_pmd_ops.c') deps += ['bus_vdev'] diff --git a/drivers/crypto/zuc/rte_zuc_pmd.c b/drivers/crypto/zuc/rte_zuc_pmd.c index 8e214cd..afa288b 100644 --- a/drivers/crypto/zuc/rte_zuc_pmd.c +++ b/drivers/crypto/zuc/rte_zuc_pmd.c @@ -170,7 +170,7 @@ zuc_get_session(struct zuc_qp *qp, struct rte_crypto_op *op) /** Encrypt/decrypt mbufs. */ static uint8_t -process_zuc_cipher_op(struct rte_crypto_op **ops, +process_zuc_cipher_op(struct zuc_qp *qp, struct rte_crypto_op **ops, struct zuc_session **sessions, uint8_t num_ops) { @@ -222,7 +222,8 @@ process_zuc_cipher_op(struct rte_crypto_op **ops, processed_ops++; } - sso_zuc_eea3_n_buffer(cipher_keys, iv, src, dst, + IMB_ZUC_EEA3_N_BUFFER(qp->mb_mgr, (const void **)cipher_keys, + (const void **)iv, (const void **)src, (void **)dst, num_bytes, processed_ops); return processed_ops; @@ -262,7 +263,7 @@ process_zuc_hash_op(struct zuc_qp *qp, struct rte_crypto_op **ops, if (sess->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) { dst = (uint32_t *)qp->temp_digest; - sso_zuc_eia3_1_buffer(sess->pKey_hash, + IMB_ZUC_EIA3_1_BUFFER(qp->mb_mgr, sess->pKey_hash, iv, src, length_in_bits, dst); /* Verify digest. */ @@ -272,7 +273,7 @@ process_zuc_hash_op(struct zuc_qp *qp, struct rte_crypto_op **ops, } else { dst = (uint32_t *)ops[i]->sym->auth.digest.data; - sso_zuc_eia3_1_buffer(sess->pKey_hash, + IMB_ZUC_EIA3_1_BUFFER(qp->mb_mgr, sess->pKey_hash, iv, src, length_in_bits, dst); } @@ -294,7 +295,7 @@ process_ops(struct rte_crypto_op **ops, enum zuc_operation op_type, switch (op_type) { case ZUC_OP_ONLY_CIPHER: - processed_ops = process_zuc_cipher_op(ops, + processed_ops = process_zuc_cipher_op(qp, ops, sessions, num_ops); break; case ZUC_OP_ONLY_AUTH: @@ -302,14 +303,14 @@ process_ops(struct rte_crypto_op **ops, enum zuc_operation op_type, num_ops); break; case ZUC_OP_CIPHER_AUTH: - processed_ops = process_zuc_cipher_op(ops, sessions, + processed_ops = process_zuc_cipher_op(qp, ops, sessions, num_ops); process_zuc_hash_op(qp, ops, sessions, processed_ops); break; case ZUC_OP_AUTH_CIPHER: processed_ops = process_zuc_hash_op(qp, ops, sessions, num_ops); - process_zuc_cipher_op(ops, sessions, processed_ops); + process_zuc_cipher_op(qp, ops, sessions, processed_ops); break; default: /* Operation not supported. */ @@ -457,8 +458,7 @@ cryptodev_zuc_create(const char *name, { struct rte_cryptodev *dev; struct zuc_private *internals; - uint64_t cpu_flags = RTE_CRYPTODEV_FF_CPU_SSE; - + MB_MGR *mb_mgr; dev = rte_cryptodev_pmd_create(name, &vdev->device, init_params); if (dev == NULL) { @@ -466,6 +466,21 @@ cryptodev_zuc_create(const char *name, goto init_error; } + dev->feature_flags = RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO | + RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING; + + mb_mgr = alloc_mb_mgr(0); + if (mb_mgr == NULL) + return -ENOMEM; + + if (rte_cpu_get_flag_enabled(RTE_CPUFLAG_AVX)) { + dev->feature_flags |= RTE_CRYPTODEV_FF_CPU_AVX; + init_mb_mgr_avx(mb_mgr); + } else { + dev->feature_flags |= RTE_CRYPTODEV_FF_CPU_SSE; + init_mb_mgr_sse(mb_mgr); + } + dev->driver_id = cryptodev_driver_id; dev->dev_ops = rte_zuc_pmd_ops; @@ -473,11 +488,8 @@ cryptodev_zuc_create(const char *name, dev->dequeue_burst = zuc_pmd_dequeue_burst; dev->enqueue_burst = zuc_pmd_enqueue_burst; - dev->feature_flags = RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO | - RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING | - cpu_flags; - internals = dev->data->dev_private; + internals->mb_mgr = mb_mgr; internals->max_nb_queue_pairs = init_params->max_nb_queue_pairs; @@ -518,6 +530,7 @@ cryptodev_zuc_remove(struct rte_vdev_device *vdev) struct rte_cryptodev *cryptodev; const char *name; + struct zuc_private *internals; name = rte_vdev_device_name(vdev); if (name == NULL) @@ -527,6 +540,10 @@ cryptodev_zuc_remove(struct rte_vdev_device *vdev) if (cryptodev == NULL) return -ENODEV; + internals = cryptodev->data->dev_private; + + free_mb_mgr(internals->mb_mgr); + return rte_cryptodev_pmd_destroy(cryptodev); } diff --git a/drivers/crypto/zuc/rte_zuc_pmd_ops.c b/drivers/crypto/zuc/rte_zuc_pmd_ops.c index 62f8c6c..ddd0f92 100644 --- a/drivers/crypto/zuc/rte_zuc_pmd_ops.c +++ b/drivers/crypto/zuc/rte_zuc_pmd_ops.c @@ -201,6 +201,7 @@ zuc_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id, int socket_id) { struct zuc_qp *qp = NULL; + struct zuc_private *internals = dev->data->dev_private; /* Free memory prior to re-allocation if needed. */ if (dev->data->queue_pairs[qp_id] != NULL) @@ -223,6 +224,7 @@ zuc_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id, if (qp->processed_ops == NULL) goto qp_setup_cleanup; + qp->mb_mgr = internals->mb_mgr; qp->sess_mp = qp_conf->mp_session; qp->sess_mp_priv = qp_conf->mp_session_private; diff --git a/drivers/crypto/zuc/zuc_pmd_private.h b/drivers/crypto/zuc/zuc_pmd_private.h index 428efd4..47a8b08 100644 --- a/drivers/crypto/zuc/zuc_pmd_private.h +++ b/drivers/crypto/zuc/zuc_pmd_private.h @@ -5,7 +5,7 @@ #ifndef _ZUC_PMD_PRIVATE_H_ #define _ZUC_PMD_PRIVATE_H_ -#include +#include #define CRYPTODEV_NAME_ZUC_PMD crypto_zuc /**< KASUMI PMD device name */ @@ -24,6 +24,8 @@ int zuc_logtype_driver; struct zuc_private { unsigned max_nb_queue_pairs; /**< Max number of queue pairs supported by device */ + MB_MGR *mb_mgr; + /**< Multi-buffer instance */ }; /** ZUC buffer queue pair */ @@ -45,6 +47,8 @@ struct zuc_qp { * by the driver when verifying a digest provided * by the user (using authentication verify operation) */ + MB_MGR *mb_mgr; + /**< Multi-buffer instance */ } __rte_cache_aligned; enum zuc_operation { diff --git a/mk/rte.app.mk b/mk/rte.app.mk index 05ea034..62724cc 100644 --- a/mk/rte.app.mk +++ b/mk/rte.app.mk @@ -272,7 +272,7 @@ _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_SNOW3G) += -L$(LIBSSO_SNOW3G_PATH)/build -l _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_KASUMI) += -lrte_pmd_kasumi _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_KASUMI) += -L$(LIBSSO_KASUMI_PATH)/build -lsso_kasumi _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ZUC) += -lrte_pmd_zuc -_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ZUC) += -L$(LIBSSO_ZUC_PATH)/build -lsso_zuc +_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ZUC) += -lIPSec_MB _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ARMV8_CRYPTO) += -lrte_pmd_armv8 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ARMV8_CRYPTO) += -L$(ARMV8_CRYPTO_LIB_PATH) -larmv8_crypto _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_MVSAM_CRYPTO) += -L$(LIBMUSDK_PATH)/lib -lrte_pmd_mvsam_crypto -lmusdk