[v2,1/2] crypto/zuc: support IPSec Multi-buffer lib v0.54
Checks
Commit Message
The latest version of the Intel IPSec Multi-buffer library
adds an API to authenticate multiple buffers in parallel.
The PMD is modified to use this API, improving
performance of the ZUC-EIA3 algorithm.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
v2:
- Simplified logic in process_hash_op per Akhil's comments
doc/guides/cryptodevs/zuc.rst | 6 ++--
doc/guides/rel_notes/release_20_05.rst | 7 ++++
drivers/crypto/zuc/rte_zuc_pmd.c | 58 ++++++++++++++++++++--------------
3 files changed, 44 insertions(+), 27 deletions(-)
Comments
Hi Pablo,
It seems there is compilation issue in Clang with this patch.
Regards,
Akhil
> Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
> ---
>
> v2:
> - Simplified logic in process_hash_op per Akhil's comments
>
> doc/guides/cryptodevs/zuc.rst | 6 ++--
> doc/guides/rel_notes/release_20_05.rst | 7 ++++
> drivers/crypto/zuc/rte_zuc_pmd.c | 58 ++++++++++++++++++++--------------
> 3 files changed, 44 insertions(+), 27 deletions(-)
>
> diff --git a/doc/guides/cryptodevs/zuc.rst b/doc/guides/cryptodevs/zuc.rst
> index 38ea999..c384f3d 100644
> --- a/doc/guides/cryptodevs/zuc.rst
> +++ b/doc/guides/cryptodevs/zuc.rst
> @@ -35,8 +35,8 @@ Installation
> To build DPDK with the ZUC_PMD the user is required to download the multi-
> buffer
> library from `here
> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.c
> om%2F01org%2Fintel-ipsec-
> mb&data=02%7C01%7Cakhil.goyal%40nxp.com%7C5e2b3704135b4de6d5
> a708d7f51a140b%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C6372
> 47364662642602&sdata=gncK8ob%2FbtOTpjZH2luy4%2Fa4TcfQYGsvI6M%
> 2BRQdkfBk%3D&reserved=0>`_
> and compile it on their user system before building DPDK.
> -The latest version of the library supported by this PMD is v0.53, which
> -can be downloaded from
> `<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.
> com%2F01org%2Fintel-ipsec-
> mb%2Farchive%2Fv0.53.zip&data=02%7C01%7Cakhil.goyal%40nxp.com%7
> C5e2b3704135b4de6d5a708d7f51a140b%7C686ea1d3bc2b4c6fa92cd99c5c301
> 635%7C0%7C0%7C637247364662642602&sdata=JuMgmXftLm62TGvaaSo
> OUpSOWGhT9eVQ%2Bb8r3NEFUow%3D&reserved=0>`_.
> +The latest version of the library supported by this PMD is v0.54, which
> +can be downloaded from
> `<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.
> com%2F01org%2Fintel-ipsec-
> mb%2Farchive%2Fv0.54.zip&data=02%7C01%7Cakhil.goyal%40nxp.com%7
> C5e2b3704135b4de6d5a708d7f51a140b%7C686ea1d3bc2b4c6fa92cd99c5c301
> 635%7C0%7C0%7C637247364662642602&sdata=9oDdUezguCEPTCe5FfQS
> w7zJKt5%2BiSUe5v4Ypm5YBIw%3D&reserved=0>`_.
>
> After downloading the library, the user needs to unpack and compile it
> on their system before building DPDK:
> @@ -63,7 +63,7 @@ and the external crypto libraries supported by them:
> DPDK version Crypto library version
> ============= ================================
> 16.11 - 19.11 LibSSO ZUC
> - 20.02+ Multi-buffer library 0.53
> + 20.02+ Multi-buffer library 0.53 - 0.54
> ============= ================================
>
>
> diff --git a/doc/guides/rel_notes/release_20_05.rst
> b/doc/guides/rel_notes/release_20_05.rst
> index fe6c75e..7d3a4bf 100644
> --- a/doc/guides/rel_notes/release_20_05.rst
> +++ b/doc/guides/rel_notes/release_20_05.rst
> @@ -155,6 +155,13 @@ New Features
>
> * Added support for intel-ipsec-mb version 0.54.
>
> +* **Updated the ZUC crypto PMD.**
> +
> + * Added support for intel-ipsec-mb version 0.54.
> + * Updated the PMD to support Multi-buffer ZUC-EIA3,
> + improving performance significantly, when using
> + intel-ipsec-mb version 0.54
> +
> * **Added a new driver for Intel Foxville I225 devices.**
>
> Added the new ``igc`` net driver for Intel Foxville I225 devices. See the
> diff --git a/drivers/crypto/zuc/rte_zuc_pmd.c
> b/drivers/crypto/zuc/rte_zuc_pmd.c
> index 17926b4..45ae04b 100644
> --- a/drivers/crypto/zuc/rte_zuc_pmd.c
> +++ b/drivers/crypto/zuc/rte_zuc_pmd.c
> @@ -237,12 +237,13 @@ process_zuc_hash_op(struct zuc_qp *qp, struct
> rte_crypto_op **ops,
> struct zuc_session **sessions,
> uint8_t num_ops)
> {
> - unsigned i;
> + unsigned int i;
> uint8_t processed_ops = 0;
> - uint8_t *src;
> - uint32_t *dst;
> - uint32_t length_in_bits;
> - uint8_t *iv;
> + uint8_t *src[ZUC_MAX_BURST];
> + uint32_t *dst[ZUC_MAX_BURST];
> + uint32_t length_in_bits[ZUC_MAX_BURST];
> + uint8_t *iv[ZUC_MAX_BURST];
> + const void *hash_keys[ZUC_MAX_BURST];
> struct zuc_session *sess;
>
> for (i = 0; i < num_ops; i++) {
> @@ -255,33 +256,42 @@ process_zuc_hash_op(struct zuc_qp *qp, struct
> rte_crypto_op **ops,
>
> sess = sessions[i];
>
> - length_in_bits = ops[i]->sym->auth.data.length;
> + length_in_bits[i] = ops[i]->sym->auth.data.length;
>
> - src = rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +
> + src[i] = rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +
> (ops[i]->sym->auth.data.offset >> 3);
> - iv = rte_crypto_op_ctod_offset(ops[i], uint8_t *,
> + iv[i] = rte_crypto_op_ctod_offset(ops[i], uint8_t *,
> sess->auth_iv_offset);
>
> - if (sess->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) {
> - dst = (uint32_t *)qp->temp_digest;
> -
> - IMB_ZUC_EIA3_1_BUFFER(qp->mb_mgr, sess-
> >pKey_hash,
> - iv, src,
> - length_in_bits, dst);
> - /* Verify digest. */
> - if (memcmp(dst, ops[i]->sym->auth.digest.data,
> - ZUC_DIGEST_LENGTH) != 0)
> - ops[i]->status =
> RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
> - } else {
> - dst = (uint32_t *)ops[i]->sym->auth.digest.data;
> + hash_keys[i] = sess->pKey_hash;
> + if (sess->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY)
> + dst[i] = (uint32_t *)qp->temp_digest;
> + else
> + dst[i] = (uint32_t *)ops[i]->sym->auth.digest.data;
>
> - IMB_ZUC_EIA3_1_BUFFER(qp->mb_mgr, sess-
> >pKey_hash,
> - iv, src,
> - length_in_bits, dst);
> - }
> +#if IMB_VERSION_NUM < IMB_VERSION(0, 53, 3)
> + IMB_ZUC_EIA3_1_BUFFER(qp->mb_mgr, hash_keys[i],
> + iv[i], src[i], length_in_bits[i], dst[i]);
> +#endif
> processed_ops++;
> }
>
> +#if IMB_VERSION_NUM >= IMB_VERSION(0, 53, 3)
> + IMB_ZUC_EIA3_N_BUFFER(qp->mb_mgr, (const void **)hash_keys,
> + (const void **)iv, (const void **)src, length_in_bits,
> + dst, processed_ops);
> +#endif
> +
> + /*
> + * If tag needs to be verified, compare generated tag
> + * with attached tag
> + */
> + for (i = 0; i < processed_ops; i++)
> + if (sessions[i]->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY)
> + if (memcmp(dst[i], ops[i]->sym->auth.digest.data,
> + ZUC_DIGEST_LENGTH) != 0)
> + ops[i]->status =
> RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
> +
> return processed_ops;
> }
>
> --
> 2.7.5
@@ -35,8 +35,8 @@ Installation
To build DPDK with the ZUC_PMD the user is required to download the multi-buffer
library from `here <https://github.com/01org/intel-ipsec-mb>`_
and compile it on their user system before building DPDK.
-The latest version of the library supported by this PMD is v0.53, which
-can be downloaded from `<https://github.com/01org/intel-ipsec-mb/archive/v0.53.zip>`_.
+The latest version of the library supported by this PMD is v0.54, which
+can be downloaded from `<https://github.com/01org/intel-ipsec-mb/archive/v0.54.zip>`_.
After downloading the library, the user needs to unpack and compile it
on their system before building DPDK:
@@ -63,7 +63,7 @@ and the external crypto libraries supported by them:
DPDK version Crypto library version
============= ================================
16.11 - 19.11 LibSSO ZUC
- 20.02+ Multi-buffer library 0.53
+ 20.02+ Multi-buffer library 0.53 - 0.54
============= ================================
@@ -155,6 +155,13 @@ New Features
* Added support for intel-ipsec-mb version 0.54.
+* **Updated the ZUC crypto PMD.**
+
+ * Added support for intel-ipsec-mb version 0.54.
+ * Updated the PMD to support Multi-buffer ZUC-EIA3,
+ improving performance significantly, when using
+ intel-ipsec-mb version 0.54
+
* **Added a new driver for Intel Foxville I225 devices.**
Added the new ``igc`` net driver for Intel Foxville I225 devices. See the
@@ -237,12 +237,13 @@ process_zuc_hash_op(struct zuc_qp *qp, struct rte_crypto_op **ops,
struct zuc_session **sessions,
uint8_t num_ops)
{
- unsigned i;
+ unsigned int i;
uint8_t processed_ops = 0;
- uint8_t *src;
- uint32_t *dst;
- uint32_t length_in_bits;
- uint8_t *iv;
+ uint8_t *src[ZUC_MAX_BURST];
+ uint32_t *dst[ZUC_MAX_BURST];
+ uint32_t length_in_bits[ZUC_MAX_BURST];
+ uint8_t *iv[ZUC_MAX_BURST];
+ const void *hash_keys[ZUC_MAX_BURST];
struct zuc_session *sess;
for (i = 0; i < num_ops; i++) {
@@ -255,33 +256,42 @@ process_zuc_hash_op(struct zuc_qp *qp, struct rte_crypto_op **ops,
sess = sessions[i];
- length_in_bits = ops[i]->sym->auth.data.length;
+ length_in_bits[i] = ops[i]->sym->auth.data.length;
- src = rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +
+ src[i] = rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +
(ops[i]->sym->auth.data.offset >> 3);
- iv = rte_crypto_op_ctod_offset(ops[i], uint8_t *,
+ iv[i] = rte_crypto_op_ctod_offset(ops[i], uint8_t *,
sess->auth_iv_offset);
- if (sess->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) {
- dst = (uint32_t *)qp->temp_digest;
-
- IMB_ZUC_EIA3_1_BUFFER(qp->mb_mgr, sess->pKey_hash,
- iv, src,
- length_in_bits, dst);
- /* Verify digest. */
- if (memcmp(dst, ops[i]->sym->auth.digest.data,
- ZUC_DIGEST_LENGTH) != 0)
- ops[i]->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
- } else {
- dst = (uint32_t *)ops[i]->sym->auth.digest.data;
+ hash_keys[i] = sess->pKey_hash;
+ if (sess->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY)
+ dst[i] = (uint32_t *)qp->temp_digest;
+ else
+ dst[i] = (uint32_t *)ops[i]->sym->auth.digest.data;
- IMB_ZUC_EIA3_1_BUFFER(qp->mb_mgr, sess->pKey_hash,
- iv, src,
- length_in_bits, dst);
- }
+#if IMB_VERSION_NUM < IMB_VERSION(0, 53, 3)
+ IMB_ZUC_EIA3_1_BUFFER(qp->mb_mgr, hash_keys[i],
+ iv[i], src[i], length_in_bits[i], dst[i]);
+#endif
processed_ops++;
}
+#if IMB_VERSION_NUM >= IMB_VERSION(0, 53, 3)
+ IMB_ZUC_EIA3_N_BUFFER(qp->mb_mgr, (const void **)hash_keys,
+ (const void **)iv, (const void **)src, length_in_bits,
+ dst, processed_ops);
+#endif
+
+ /*
+ * If tag needs to be verified, compare generated tag
+ * with attached tag
+ */
+ for (i = 0; i < processed_ops; i++)
+ if (sessions[i]->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY)
+ if (memcmp(dst[i], ops[i]->sym->auth.digest.data,
+ ZUC_DIGEST_LENGTH) != 0)
+ ops[i]->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
+
return processed_ops;
}