# - FLEXRAN_SDK
# - LIBMUSDK_PATH
# - LIBSSO_SNOW3G_PATH
-# - LIBSSO_KASUMI_PATH
devtools_dir=$(dirname $(readlink -f $0))
. $devtools_dir/load-devel-config
unset FLEXRAN_SDK
unset LIBMUSDK_PATH
unset LIBSSO_SNOW3G_PATH
- unset LIBSSO_KASUMI_PATH
unset PQOS_INSTALL_PATH
}
sed -ri="" 's,(PMD_AESNI_GCM=)n,\1y,' $1/.config
test "$DPDK_DEP_IPSEC_MB" != y || \
sed -ri="" 's,(PMD_ZUC=)n,\1y,' $1/.config
+ test "$DPDK_DEP_IPSEC_MB" != y || \
+ sed -ri="" 's,(PMD_KASUMI=)n,\1y,' $1/.config
test -z "$LIBSSO_SNOW3G_PATH" || \
sed -ri="" 's,(PMD_SNOW3G=)n,\1y,' $1/.config
- test -z "$LIBSSO_KASUMI_PATH" || \
- sed -ri="" 's,(PMD_KASUMI=)n,\1y,' $1/.config
test "$DPDK_DEP_SSL" != y || \
sed -ri="" 's,(PMD_CCP=)n,\1y,' $1/.config
test "$DPDK_DEP_SSL" != y || \
.. SPDX-License-Identifier: BSD-3-Clause
- Copyright(c) 2016 Intel Corporation.
+ Copyright(c) 2016-2019 Intel Corporation.
KASUMI Crypto Poll Mode Driver
===============================
-The KASUMI PMD (**librte_pmd_kasumi**) provides poll mode crypto driver
-support for utilizing Intel Libsso library, which implements F8 and F9 functions
-for KASUMI UEA1 cipher and UIA1 hash algorithms.
+The KASUMI PMD (**librte_pmd_kasumi**) provides poll mode crypto driver support for
+utilizing `Intel IPSec Multi-buffer library <https://github.com/01org/intel-ipsec-mb>`_
+which implements F8 and F9 functions for KASUMI UEA1 cipher and UIA1 hash algorithms.
Features
--------
Installation
------------
-To build DPDK with the KASUMI_PMD the user is required to download
-the export controlled ``libsso_kasumi`` library, by registering in
-`Intel Resource & Design Center <https://www.intel.com/content/www/us/en/design/resource-design-center.html>`_.
-Once approval has been granted, the user needs to search for
-*Kasumi F8 F9 3GPP cryptographic algorithms Software Library* to download the
-library or directly through this `link <https://cdrdv2.intel.com/v1/dl/getContent/575866>`_.
+To build DPDK with the KASUMI_PMD the user is required to download the multi-buffer
+library from `here <https://github.com/01org/intel-ipsec-mb>`_
+and compile it on their user system before building DPDK.
+The latest version of the library supported by this PMD is v0.53, which
+can be downloaded from `<https://github.com/01org/intel-ipsec-mb/archive/v0.53.zip>`_.
+
After downloading the library, the user needs to unpack and compile it
-on their system before building DPDK::
+on their system before building DPDK:
+
+.. code-block:: console
- make
+ make
+ make install
-**Note**: When encrypting with KASUMI F8, by default the library
-encrypts full blocks of 8 bytes, regardless the number of bytes to
-be encrypted provided (which leads to a possible buffer overflow).
-To avoid this situation, it is necessary not to pass
-3GPP_SAFE_BUFFERS as a compilation flag.
-Also, this is required when using chained operations
-(cipher-then-auth/auth-then-cipher).
-For this, in the Makefile of the library, make sure that this flag
-is commented out::
+As a reference, the following table shows a mapping between the past DPDK versions
+and the external crypto libraries supported by them:
- #EXTRA_CFLAGS += -D_3GPP_SAFE_BUFFERS
+.. _table_kasumi_versions:
-**Note**: To build the PMD as a shared library, the libsso_kasumi
-library must be built as follows::
+.. table:: DPDK and external crypto library version compatibility
- make KASUMI_CFLAGS=-DKASUMI_C
+ ============= ================================
+ DPDK version Crypto library version
+ ============= ================================
+ 16.11 - 19.11 LibSSO KASUMI
+ 20.02+ Multi-buffer library 0.53
+ ============= ================================
Initialization
In order to enable this virtual crypto PMD, user must:
-* Export the environmental variable LIBSSO_KASUMI_PATH with the path where
- the library was extracted (kasumi folder).
+* Build the multi buffer library (explained in Installation section).
+
+* Build DPDK as follows:
+
+.. code-block:: console
-* Build the LIBSSO library (explained in Installation section).
+ make config T=x86_64-native-linux-gcc
+ sed -i 's,\(CONFIG_RTE_LIBRTE_PMD_KASUMI\)=n,\1=y,' build/.config
+ make
-* Set CONFIG_RTE_LIBRTE_PMD_KASUMI=y in config/common_base.
To use the PMD in an application, user must:
* Removed dynamic library limitation, so PMD can be built as a shared
object now.
+* **Updated the KASUMI PMD.**
+
+ * Transistioned underlying library from libSSO KASUMI to intel-ipsec-mb
+ library (minimum version required 0.53).
+
* **Added Marvell OCTEON TX2 End Point rawdev PMD.**
Added a new OCTEON TX2 rawdev PMD for End Point mode of operation.
include $(RTE_SDK)/mk/rte.vars.mk
-ifneq ($(MAKECMDGOALS),clean)
-ifeq ($(LIBSSO_KASUMI_PATH),)
-$(error "Please define LIBSSO_KASUMI_PATH environment variable")
-endif
-endif
-
# library name
LIB = librte_pmd_kasumi.a
EXPORT_MAP := rte_pmd_kasumi_version.map
# external library dependencies
-CFLAGS += -I$(LIBSSO_KASUMI_PATH)
-CFLAGS += -I$(LIBSSO_KASUMI_PATH)/include
-CFLAGS += -I$(LIBSSO_KASUMI_PATH)/build
-LDLIBS += -L$(LIBSSO_KASUMI_PATH)/build -lsso_kasumi
+LDLIBS += -lIPSec_MB
LDLIBS += -lrte_eal -lrte_mbuf -lrte_mempool -lrte_ring
LDLIBS += -lrte_cryptodev
LDLIBS += -lrte_bus_vdev
+IMB_HDR = $(shell echo '\#include <intel-ipsec-mb.h>' | \
+ $(CC) -E $(EXTRA_CFLAGS) - | grep 'intel-ipsec-mb.h' | \
+ head -n1 | cut -d'"' -f2)
+
+# Detect library version
+IMB_VERSION = $(shell grep -e "IMB_VERSION_STR" $(IMB_HDR) | cut -d'"' -f2)
+IMB_VERSION_NUM = $(shell grep -e "IMB_VERSION_NUM" $(IMB_HDR) | cut -d' ' -f3)
+
+ifeq ($(IMB_VERSION),)
+$(error "IPSec_MB version >= 0.53 is required")
+endif
+
+ifeq ($(shell expr $(IMB_VERSION_NUM) \< 0x3400), 1)
+$(error "IPSec_MB version >= 0.53 is required")
+endif
# library source files
SRCS-$(CONFIG_RTE_LIBRTE_PMD_KASUMI) += rte_kasumi_pmd.c
SRCS-$(CONFIG_RTE_LIBRTE_PMD_KASUMI) += rte_kasumi_pmd_ops.c
#ifndef _KASUMI_PMD_PRIVATE_H_
#define _KASUMI_PMD_PRIVATE_H_
-#include <sso_kasumi.h>
+#include <intel-ipsec-mb.h>
#define CRYPTODEV_NAME_KASUMI_PMD crypto_kasumi
/**< KASUMI PMD device name */
struct kasumi_private {
unsigned max_nb_queue_pairs;
/**< Max number of queue pairs supported by device */
+ MB_MGR *mgr;
+ /**< Multi-buffer instance */
};
/** KASUMI buffer queue pair */
* by the driver when verifying a digest provided
* by the user (using authentication verify operation)
*/
+ MB_MGR *mgr;
+ /**< Multi-buffer instance */
} __rte_cache_aligned;
enum kasumi_operation {
/** KASUMI private session structure */
struct kasumi_session {
/* Keys have to be 16-byte aligned */
- sso_kasumi_key_sched_t pKeySched_cipher;
- sso_kasumi_key_sched_t pKeySched_hash;
+ kasumi_key_sched_t pKeySched_cipher;
+ kasumi_key_sched_t pKeySched_hash;
enum kasumi_operation op;
enum rte_crypto_auth_operation auth_op;
uint16_t cipher_iv_offset;
int
-kasumi_set_session_parameters(struct kasumi_session *sess,
+kasumi_set_session_parameters(MB_MGR *mgr, struct kasumi_session *sess,
const struct rte_crypto_sym_xform *xform);
# SPDX-License-Identifier: BSD-3-Clause
-# Copyright(c) 2018 Intel Corporation
+# Copyright(c) 2018-2020 Intel Corporation
-lib = cc.find_library('sso_kasumi', required: false)
-if not lib.found() or not cc.has_header('sso_kasumi.h')
+IMB_required_ver = '0.53.0'
+lib = cc.find_library('IPSec_MB', required: false)
+if not lib.found()
build = false
- reason = 'missing dependency, "libsso_kasumi"'
- subdir_done()
+ reason = 'missing dependency, "libIPSec_MB"'
+else
+ # version comes with quotes, so we split based on " and take the middle
+ imb_ver = cc.get_define('IMB_VERSION_STR',
+ prefix : '#include<intel-ipsec-mb.h>').split('"')[1]
+
+ if (imb_ver == '') or (imb_ver.version_compare('<' + IMB_required_ver))
+ reason = 'IPSec_MB version >= @0@ is required, found version @1@'.format(
+ IMB_required_ver, imb_ver)
+ build = false
+ endif
+
endif
allow_experimental_apis = true
/** Parse crypto xform chain and set private session parameters. */
int
-kasumi_set_session_parameters(struct kasumi_session *sess,
+kasumi_set_session_parameters(MB_MGR *mgr, struct kasumi_session *sess,
const struct rte_crypto_sym_xform *xform)
{
const struct rte_crypto_sym_xform *auth_xform = NULL;
}
/* Initialize key */
- sso_kasumi_init_f8_key_sched(cipher_xform->cipher.key.data,
+ IMB_KASUMI_INIT_F8_KEY_SCHED(mgr, cipher_xform->cipher.key.data,
&sess->pKeySched_cipher);
}
sess->auth_op = auth_xform->auth.op;
/* Initialize key */
- sso_kasumi_init_f9_key_sched(auth_xform->auth.key.data,
+ IMB_KASUMI_INIT_F9_KEY_SCHED(mgr, auth_xform->auth.key.data,
&sess->pKeySched_hash);
}
sess = (struct kasumi_session *)_sess_private_data;
- if (unlikely(kasumi_set_session_parameters(sess,
+ if (unlikely(kasumi_set_session_parameters(qp->mgr, sess,
op->sym->xform) != 0)) {
rte_mempool_put(qp->sess_mp, _sess);
rte_mempool_put(qp->sess_mp_priv, _sess_private_data);
/** Encrypt/decrypt mbufs with same cipher key. */
static uint8_t
-process_kasumi_cipher_op(struct rte_crypto_op **ops,
- struct kasumi_session *session,
- uint8_t num_ops)
+process_kasumi_cipher_op(struct kasumi_qp *qp, struct rte_crypto_op **ops,
+ struct kasumi_session *session, uint8_t num_ops)
{
unsigned i;
uint8_t processed_ops = 0;
- uint8_t *src[num_ops], *dst[num_ops];
+ const void *src[num_ops];
+ void *dst[num_ops];
uint8_t *iv_ptr;
uint64_t iv[num_ops];
uint32_t num_bytes[num_ops];
}
if (processed_ops != 0)
- sso_kasumi_f8_n_buffer(&session->pKeySched_cipher, iv,
+ IMB_KASUMI_F8_N_BUFFER(qp->mgr, &session->pKeySched_cipher, iv,
src, dst, num_bytes, processed_ops);
return processed_ops;
/** Encrypt/decrypt mbuf (bit level function). */
static uint8_t
-process_kasumi_cipher_op_bit(struct rte_crypto_op *op,
+process_kasumi_cipher_op_bit(struct kasumi_qp *qp, struct rte_crypto_op *op,
struct kasumi_session *session)
{
uint8_t *src, *dst;
offset_in_bits = op->sym->cipher.data.offset;
src = rte_pktmbuf_mtod(op->sym->m_src, uint8_t *);
- if (op->sym->m_dst == NULL) {
- op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
- KASUMI_LOG(ERR, "bit-level in-place not supported");
- return 0;
- }
- dst = rte_pktmbuf_mtod(op->sym->m_dst, uint8_t *);
+ if (op->sym->m_dst == NULL)
+ dst = src;
+ else
+ dst = rte_pktmbuf_mtod(op->sym->m_dst, uint8_t *);
iv_ptr = rte_crypto_op_ctod_offset(op, uint8_t *,
session->cipher_iv_offset);
iv = *((uint64_t *)(iv_ptr));
length_in_bits = op->sym->cipher.data.length;
- sso_kasumi_f8_1_buffer_bit(&session->pKeySched_cipher, iv,
+ IMB_KASUMI_F8_1_BUFFER_BIT(qp->mgr, &session->pKeySched_cipher, iv,
src, dst, length_in_bits, offset_in_bits);
return 1;
if (session->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) {
dst = qp->temp_digest;
- sso_kasumi_f9_1_buffer(&session->pKeySched_hash, src,
+ IMB_KASUMI_F9_1_BUFFER(qp->mgr,
+ &session->pKeySched_hash, src,
num_bytes, dst);
/* Verify digest. */
} else {
dst = ops[i]->sym->auth.digest.data;
- sso_kasumi_f9_1_buffer(&session->pKeySched_hash, src,
+ IMB_KASUMI_F9_1_BUFFER(qp->mgr,
+ &session->pKeySched_hash, src,
num_bytes, dst);
}
processed_ops++;
switch (session->op) {
case KASUMI_OP_ONLY_CIPHER:
- processed_ops = process_kasumi_cipher_op(ops,
+ processed_ops = process_kasumi_cipher_op(qp, ops,
session, num_ops);
break;
case KASUMI_OP_ONLY_AUTH:
num_ops);
break;
case KASUMI_OP_CIPHER_AUTH:
- processed_ops = process_kasumi_cipher_op(ops, session,
+ processed_ops = process_kasumi_cipher_op(qp, ops, session,
num_ops);
process_kasumi_hash_op(qp, ops, session, processed_ops);
break;
case KASUMI_OP_AUTH_CIPHER:
processed_ops = process_kasumi_hash_op(qp, ops, session,
num_ops);
- process_kasumi_cipher_op(ops, session, processed_ops);
+ process_kasumi_cipher_op(qp, ops, session, processed_ops);
break;
default:
/* Operation not supported. */
switch (session->op) {
case KASUMI_OP_ONLY_CIPHER:
- processed_op = process_kasumi_cipher_op_bit(op,
+ processed_op = process_kasumi_cipher_op_bit(qp, op,
session);
break;
case KASUMI_OP_ONLY_AUTH:
processed_op = process_kasumi_hash_op(qp, &op, session, 1);
break;
case KASUMI_OP_CIPHER_AUTH:
- processed_op = process_kasumi_cipher_op_bit(op, session);
+ processed_op = process_kasumi_cipher_op_bit(qp, op, session);
if (processed_op == 1)
process_kasumi_hash_op(qp, &op, session, 1);
break;
case KASUMI_OP_AUTH_CIPHER:
processed_op = process_kasumi_hash_op(qp, &op, session, 1);
if (processed_op == 1)
- process_kasumi_cipher_op_bit(op, session);
+ process_kasumi_cipher_op_bit(qp, op, session);
break;
default:
/* Operation not supported. */
{
struct rte_cryptodev *dev;
struct kasumi_private *internals;
- uint64_t cpu_flags = 0;
+ MB_MGR *mgr;
dev = rte_cryptodev_pmd_create(name, &vdev->device, init_params);
if (dev == NULL) {
goto init_error;
}
- /* Check CPU for supported vector instruction set */
- if (rte_cpu_get_flag_enabled(RTE_CPUFLAG_AVX))
- cpu_flags |= RTE_CRYPTODEV_FF_CPU_AVX;
- else
- cpu_flags |= RTE_CRYPTODEV_FF_CPU_SSE;
-
dev->driver_id = cryptodev_driver_id;
dev->dev_ops = rte_kasumi_pmd_ops;
dev->enqueue_burst = kasumi_pmd_enqueue_burst;
dev->feature_flags = RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO |
- RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING |
- cpu_flags;
+ RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING;
+
+ mgr = alloc_mb_mgr(0);
+ if (mgr == NULL)
+ return -ENOMEM;
+
+ if (rte_cpu_get_flag_enabled(RTE_CPUFLAG_AVX)) {
+ dev->feature_flags |= RTE_CRYPTODEV_FF_CPU_AVX;
+ init_mb_mgr_avx(mgr);
+ } else {
+ dev->feature_flags |= RTE_CRYPTODEV_FF_CPU_SSE;
+ init_mb_mgr_sse(mgr);
+ }
internals = dev->data->dev_private;
internals->max_nb_queue_pairs = init_params->max_nb_queue_pairs;
+ internals->mgr = mgr;
return 0;
init_error:
{
struct rte_cryptodev *cryptodev;
const char *name;
+ struct kasumi_private *internals;
name = rte_vdev_device_name(vdev);
if (name == NULL)
if (cryptodev == NULL)
return -ENODEV;
+ internals = cryptodev->data->dev_private;
+
+ free_mb_mgr(internals->mgr);
+
return rte_cryptodev_pmd_destroy(cryptodev);
}
int socket_id)
{
struct kasumi_qp *qp = NULL;
+ struct kasumi_private *internals = dev->data->dev_private;
/* Free memory prior to re-allocation if needed. */
if (dev->data->queue_pairs[qp_id] != NULL)
if (qp->processed_ops == NULL)
goto qp_setup_cleanup;
+ qp->mgr = internals->mgr;
qp->sess_mp = qp_conf->mp_session;
qp->sess_mp_priv = qp_conf->mp_session_private;
/** Configure a KASUMI session from a crypto xform chain */
static int
-kasumi_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
+kasumi_pmd_sym_session_configure(struct rte_cryptodev *dev,
struct rte_crypto_sym_xform *xform,
struct rte_cryptodev_sym_session *sess,
struct rte_mempool *mempool)
{
void *sess_private_data;
int ret;
+ struct kasumi_private *internals = dev->data->dev_private;
if (unlikely(sess == NULL)) {
KASUMI_LOG(ERR, "invalid session struct");
return -ENOMEM;
}
- ret = kasumi_set_session_parameters(sess_private_data, xform);
+ ret = kasumi_set_session_parameters(internals->mgr,
+ sess_private_data, xform);
if (ret != 0) {
KASUMI_LOG(ERR, "failed configure session parameters");
_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_SNOW3G) += -lrte_pmd_snow3g
_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_SNOW3G) += -L$(LIBSSO_SNOW3G_PATH)/build -lsso_snow3g
_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_KASUMI) += -lrte_pmd_kasumi
-_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_KASUMI) += -L$(LIBSSO_KASUMI_PATH)/build -lsso_kasumi
+_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_KASUMI) += -lIPSec_MB
_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ZUC) += -lrte_pmd_zuc
_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ZUC) += -lIPSec_MB
_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ARMV8_CRYPTO) += -lrte_pmd_armv8
git.droids-corp.org / dpdk.git / commitdiff