diff mbox series

[v2,1/2] crypto/zuc: support IPSec Multi-buffer lib v0.54

Message ID 1589139650-195685-1-git-send-email-pablo.de.lara.guarch@intel.com (mailing list archive)
State Superseded, archived
Delegated to: akhil goyal
Headers
Series [v2,1/2] crypto/zuc: support IPSec Multi-buffer lib v0.54 |

Checks

Context Check Description
ci/checkpatch warning coding style issues
ci/Intel-compilation fail Compilation issues
ci/iol-intel-Performance success Performance Testing PASS
ci/iol-nxp-Performance success Performance Testing PASS
ci/iol-mellanox-Performance success Performance Testing PASS
ci/iol-testing fail Testing issues

Commit Message

De Lara Guarch, Pablo May 10, 2020, 7:40 p.m. UTC 
  The latest version of the Intel IPSec Multi-buffer library
adds an API to authenticate multiple buffers in parallel.
The PMD is modified to use this API, improving
performance of the ZUC-EIA3 algorithm.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---

v2:
- Simplified logic in process_hash_op per Akhil's comments

 doc/guides/cryptodevs/zuc.rst          |  6 ++--
 doc/guides/rel_notes/release_20_05.rst |  7 ++++
 drivers/crypto/zuc/rte_zuc_pmd.c       | 58 ++++++++++++++++++++--------------
 3 files changed, 44 insertions(+), 27 deletions(-)

Comments

Akhil Goyal May 11, 2020, 7:43 a.m. UTC | #1 
Hi Pablo,

It seems there is compilation issue in Clang with this patch.

Regards,
Akhil

> Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
> ---
> 
> v2:
> - Simplified logic in process_hash_op per Akhil's comments
> 
>  doc/guides/cryptodevs/zuc.rst          |  6 ++--
>  doc/guides/rel_notes/release_20_05.rst |  7 ++++
>  drivers/crypto/zuc/rte_zuc_pmd.c       | 58 ++++++++++++++++++++--------------
>  3 files changed, 44 insertions(+), 27 deletions(-)
> 
> diff --git a/doc/guides/cryptodevs/zuc.rst b/doc/guides/cryptodevs/zuc.rst
> index 38ea999..c384f3d 100644
> --- a/doc/guides/cryptodevs/zuc.rst
> +++ b/doc/guides/cryptodevs/zuc.rst
> @@ -35,8 +35,8 @@ Installation
>  To build DPDK with the ZUC_PMD the user is required to download the multi-
> buffer
>  library from `here
> <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.c
> om%2F01org%2Fintel-ipsec-
> mb&amp;data=02%7C01%7Cakhil.goyal%40nxp.com%7C5e2b3704135b4de6d5
> a708d7f51a140b%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C6372
> 47364662642602&amp;sdata=gncK8ob%2FbtOTpjZH2luy4%2Fa4TcfQYGsvI6M%
> 2BRQdkfBk%3D&amp;reserved=0>`_
>  and compile it on their user system before building DPDK.
> -The latest version of the library supported by this PMD is v0.53, which
> -can be downloaded from
> `<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.
> com%2F01org%2Fintel-ipsec-
> mb%2Farchive%2Fv0.53.zip&amp;data=02%7C01%7Cakhil.goyal%40nxp.com%7
> C5e2b3704135b4de6d5a708d7f51a140b%7C686ea1d3bc2b4c6fa92cd99c5c301
> 635%7C0%7C0%7C637247364662642602&amp;sdata=JuMgmXftLm62TGvaaSo
> OUpSOWGhT9eVQ%2Bb8r3NEFUow%3D&amp;reserved=0>`_.
> +The latest version of the library supported by this PMD is v0.54, which
> +can be downloaded from
> `<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.
> com%2F01org%2Fintel-ipsec-
> mb%2Farchive%2Fv0.54.zip&amp;data=02%7C01%7Cakhil.goyal%40nxp.com%7
> C5e2b3704135b4de6d5a708d7f51a140b%7C686ea1d3bc2b4c6fa92cd99c5c301
> 635%7C0%7C0%7C637247364662642602&amp;sdata=9oDdUezguCEPTCe5FfQS
> w7zJKt5%2BiSUe5v4Ypm5YBIw%3D&amp;reserved=0>`_.
> 
>  After downloading the library, the user needs to unpack and compile it
>  on their system before building DPDK:
> @@ -63,7 +63,7 @@ and the external crypto libraries supported by them:
>     DPDK version   Crypto library version
>     =============  ================================
>     16.11 - 19.11  LibSSO ZUC
> -   20.02+         Multi-buffer library 0.53
> +   20.02+         Multi-buffer library 0.53 - 0.54
>     =============  ================================
> 
> 
> diff --git a/doc/guides/rel_notes/release_20_05.rst
> b/doc/guides/rel_notes/release_20_05.rst
> index fe6c75e..7d3a4bf 100644
> --- a/doc/guides/rel_notes/release_20_05.rst
> +++ b/doc/guides/rel_notes/release_20_05.rst
> @@ -155,6 +155,13 @@ New Features
> 
>    * Added support for intel-ipsec-mb version 0.54.
> 
> +* **Updated the ZUC crypto PMD.**
> +
> +  * Added support for intel-ipsec-mb version 0.54.
> +  * Updated the PMD to support Multi-buffer ZUC-EIA3,
> +    improving performance significantly, when using
> +    intel-ipsec-mb version 0.54
> +
>  * **Added a new driver for Intel Foxville I225 devices.**
> 
>    Added the new ``igc`` net driver for Intel Foxville I225 devices. See the
> diff --git a/drivers/crypto/zuc/rte_zuc_pmd.c
> b/drivers/crypto/zuc/rte_zuc_pmd.c
> index 17926b4..45ae04b 100644
> --- a/drivers/crypto/zuc/rte_zuc_pmd.c
> +++ b/drivers/crypto/zuc/rte_zuc_pmd.c
> @@ -237,12 +237,13 @@ process_zuc_hash_op(struct zuc_qp *qp, struct
> rte_crypto_op **ops,
>  		struct zuc_session **sessions,
>  		uint8_t num_ops)
>  {
> -	unsigned i;
> +	unsigned int i;
>  	uint8_t processed_ops = 0;
> -	uint8_t *src;
> -	uint32_t *dst;
> -	uint32_t length_in_bits;
> -	uint8_t *iv;
> +	uint8_t *src[ZUC_MAX_BURST];
> +	uint32_t *dst[ZUC_MAX_BURST];
> +	uint32_t length_in_bits[ZUC_MAX_BURST];
> +	uint8_t *iv[ZUC_MAX_BURST];
> +	const void *hash_keys[ZUC_MAX_BURST];
>  	struct zuc_session *sess;
> 
>  	for (i = 0; i < num_ops; i++) {
> @@ -255,33 +256,42 @@ process_zuc_hash_op(struct zuc_qp *qp, struct
> rte_crypto_op **ops,
> 
>  		sess = sessions[i];
> 
> -		length_in_bits = ops[i]->sym->auth.data.length;
> +		length_in_bits[i] = ops[i]->sym->auth.data.length;
> 
> -		src = rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +
> +		src[i] = rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +
>  				(ops[i]->sym->auth.data.offset >> 3);
> -		iv = rte_crypto_op_ctod_offset(ops[i], uint8_t *,
> +		iv[i] = rte_crypto_op_ctod_offset(ops[i], uint8_t *,
>  				sess->auth_iv_offset);
> 
> -		if (sess->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) {
> -			dst = (uint32_t *)qp->temp_digest;
> -
> -			IMB_ZUC_EIA3_1_BUFFER(qp->mb_mgr, sess-
> >pKey_hash,
> -					iv, src,
> -					length_in_bits,	dst);
> -			/* Verify digest. */
> -			if (memcmp(dst, ops[i]->sym->auth.digest.data,
> -					ZUC_DIGEST_LENGTH) != 0)
> -				ops[i]->status =
> RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
> -		} else  {
> -			dst = (uint32_t *)ops[i]->sym->auth.digest.data;
> +		hash_keys[i] = sess->pKey_hash;
> +		if (sess->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY)
> +			dst[i] = (uint32_t *)qp->temp_digest;
> +		else
> +			dst[i] = (uint32_t *)ops[i]->sym->auth.digest.data;
> 
> -			IMB_ZUC_EIA3_1_BUFFER(qp->mb_mgr, sess-
> >pKey_hash,
> -					iv, src,
> -					length_in_bits, dst);
> -		}
> +#if IMB_VERSION_NUM < IMB_VERSION(0, 53, 3)
> +		IMB_ZUC_EIA3_1_BUFFER(qp->mb_mgr, hash_keys[i],
> +				iv[i], src[i], length_in_bits[i], dst[i]);
> +#endif
>  		processed_ops++;
>  	}
> 
> +#if IMB_VERSION_NUM >= IMB_VERSION(0, 53, 3)
> +	IMB_ZUC_EIA3_N_BUFFER(qp->mb_mgr, (const void **)hash_keys,
> +			(const void **)iv, (const void **)src, length_in_bits,
> +			dst, processed_ops);
> +#endif
> +
> +	/*
> +	 * If tag needs to be verified, compare generated tag
> +	 * with attached tag
> +	 */
> +	for (i = 0; i < processed_ops; i++)
> +		if (sessions[i]->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY)
> +			if (memcmp(dst[i], ops[i]->sym->auth.digest.data,
> +					ZUC_DIGEST_LENGTH) != 0)
> +				ops[i]->status =
> RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
> +
>  	return processed_ops;
>  }
> 
> --
> 2.7.5
diff mbox series

Patch

diff --git a/doc/guides/cryptodevs/zuc.rst b/doc/guides/cryptodevs/zuc.rst
index 38ea999..c384f3d 100644
--- a/doc/guides/cryptodevs/zuc.rst
+++ b/doc/guides/cryptodevs/zuc.rst
@@ -35,8 +35,8 @@  Installation
 To build DPDK with the ZUC_PMD the user is required to download the multi-buffer
 library from `here <https://github.com/01org/intel-ipsec-mb>`_
 and compile it on their user system before building DPDK.
-The latest version of the library supported by this PMD is v0.53, which
-can be downloaded from `<https://github.com/01org/intel-ipsec-mb/archive/v0.53.zip>`_.
+The latest version of the library supported by this PMD is v0.54, which
+can be downloaded from `<https://github.com/01org/intel-ipsec-mb/archive/v0.54.zip>`_.
 
 After downloading the library, the user needs to unpack and compile it
 on their system before building DPDK:
@@ -63,7 +63,7 @@  and the external crypto libraries supported by them:
    DPDK version   Crypto library version
    =============  ================================
    16.11 - 19.11  LibSSO ZUC
-   20.02+         Multi-buffer library 0.53
+   20.02+         Multi-buffer library 0.53 - 0.54
    =============  ================================
 
 
diff --git a/doc/guides/rel_notes/release_20_05.rst b/doc/guides/rel_notes/release_20_05.rst
index fe6c75e..7d3a4bf 100644
--- a/doc/guides/rel_notes/release_20_05.rst
+++ b/doc/guides/rel_notes/release_20_05.rst
@@ -155,6 +155,13 @@  New Features
 
   * Added support for intel-ipsec-mb version 0.54.
 
+* **Updated the ZUC crypto PMD.**
+
+  * Added support for intel-ipsec-mb version 0.54.
+  * Updated the PMD to support Multi-buffer ZUC-EIA3,
+    improving performance significantly, when using
+    intel-ipsec-mb version 0.54
+
 * **Added a new driver for Intel Foxville I225 devices.**
 
   Added the new ``igc`` net driver for Intel Foxville I225 devices. See the
diff --git a/drivers/crypto/zuc/rte_zuc_pmd.c b/drivers/crypto/zuc/rte_zuc_pmd.c
index 17926b4..45ae04b 100644
--- a/drivers/crypto/zuc/rte_zuc_pmd.c
+++ b/drivers/crypto/zuc/rte_zuc_pmd.c
@@ -237,12 +237,13 @@  process_zuc_hash_op(struct zuc_qp *qp, struct rte_crypto_op **ops,
 		struct zuc_session **sessions,
 		uint8_t num_ops)
 {
-	unsigned i;
+	unsigned int i;
 	uint8_t processed_ops = 0;
-	uint8_t *src;
-	uint32_t *dst;
-	uint32_t length_in_bits;
-	uint8_t *iv;
+	uint8_t *src[ZUC_MAX_BURST];
+	uint32_t *dst[ZUC_MAX_BURST];
+	uint32_t length_in_bits[ZUC_MAX_BURST];
+	uint8_t *iv[ZUC_MAX_BURST];
+	const void *hash_keys[ZUC_MAX_BURST];
 	struct zuc_session *sess;
 
 	for (i = 0; i < num_ops; i++) {
@@ -255,33 +256,42 @@  process_zuc_hash_op(struct zuc_qp *qp, struct rte_crypto_op **ops,
 
 		sess = sessions[i];
 
-		length_in_bits = ops[i]->sym->auth.data.length;
+		length_in_bits[i] = ops[i]->sym->auth.data.length;
 
-		src = rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +
+		src[i] = rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +
 				(ops[i]->sym->auth.data.offset >> 3);
-		iv = rte_crypto_op_ctod_offset(ops[i], uint8_t *,
+		iv[i] = rte_crypto_op_ctod_offset(ops[i], uint8_t *,
 				sess->auth_iv_offset);
 
-		if (sess->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) {
-			dst = (uint32_t *)qp->temp_digest;
-
-			IMB_ZUC_EIA3_1_BUFFER(qp->mb_mgr, sess->pKey_hash,
-					iv, src,
-					length_in_bits,	dst);
-			/* Verify digest. */
-			if (memcmp(dst, ops[i]->sym->auth.digest.data,
-					ZUC_DIGEST_LENGTH) != 0)
-				ops[i]->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
-		} else  {
-			dst = (uint32_t *)ops[i]->sym->auth.digest.data;
+		hash_keys[i] = sess->pKey_hash;
+		if (sess->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY)
+			dst[i] = (uint32_t *)qp->temp_digest;
+		else
+			dst[i] = (uint32_t *)ops[i]->sym->auth.digest.data;
 
-			IMB_ZUC_EIA3_1_BUFFER(qp->mb_mgr, sess->pKey_hash,
-					iv, src,
-					length_in_bits, dst);
-		}
+#if IMB_VERSION_NUM < IMB_VERSION(0, 53, 3)
+		IMB_ZUC_EIA3_1_BUFFER(qp->mb_mgr, hash_keys[i],
+				iv[i], src[i], length_in_bits[i], dst[i]);
+#endif
 		processed_ops++;
 	}
 
+#if IMB_VERSION_NUM >= IMB_VERSION(0, 53, 3)
+	IMB_ZUC_EIA3_N_BUFFER(qp->mb_mgr, (const void **)hash_keys,
+			(const void **)iv, (const void **)src, length_in_bits,
+			dst, processed_ops);
+#endif
+
+	/*
+	 * If tag needs to be verified, compare generated tag
+	 * with attached tag
+	 */
+	for (i = 0; i < processed_ops; i++)
+		if (sessions[i]->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY)
+			if (memcmp(dst[i], ops[i]->sym->auth.digest.data,
+					ZUC_DIGEST_LENGTH) != 0)
+				ops[i]->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
+
 	return processed_ops;
 }