crypto/zuc: support IPsec Multi-buffer lib v0.54

The latest version of the Intel IPSec Multi-buffer library
adds an API to authenticate multiple buffers in parallel.
The PMD is modified to use this API, improving
performance of the ZUC-EIA3 algorithm.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>

diff --git a/doc/guides/cryptodevs/zuc.rst b/doc/guides/cryptodevs/zuc.rst
index 38ea999..c384f3d 100644 (file)
--- a/doc/guides/cryptodevs/zuc.rst
+++ b/doc/guides/cryptodevs/zuc.rst
@@ -35,8 +35,8 @@ Installation
 To build DPDK with the ZUC_PMD the user is required to download the multi-buffer
 library from `here <https://github.com/01org/intel-ipsec-mb>`_
 and compile it on their user system before building DPDK.
-The latest version of the library supported by this PMD is v0.53, which
-can be downloaded from `<https://github.com/01org/intel-ipsec-mb/archive/v0.53.zip>`_.
+The latest version of the library supported by this PMD is v0.54, which
+can be downloaded from `<https://github.com/01org/intel-ipsec-mb/archive/v0.54.zip>`_.
 
 After downloading the library, the user needs to unpack and compile it
 on their system before building DPDK:
@@ -63,7 +63,7 @@ and the external crypto libraries supported by them:
    DPDK version   Crypto library version
    =============  ================================
    16.11 - 19.11  LibSSO ZUC
-   20.02+         Multi-buffer library 0.53
+   20.02+         Multi-buffer library 0.53 - 0.54
    =============  ================================
 
 

diff --git a/doc/guides/rel_notes/release_20_05.rst b/doc/guides/rel_notes/release_20_05.rst
index 82df72c..0cb5dd1 100644 (file)
--- a/doc/guides/rel_notes/release_20_05.rst
+++ b/doc/guides/rel_notes/release_20_05.rst
@@ -155,6 +155,13 @@ New Features
 
   * Added support for intel-ipsec-mb version 0.54.
 
+* **Updated the ZUC crypto PMD.**
+
+  * Added support for intel-ipsec-mb version 0.54.
+  * Updated the PMD to support Multi-buffer ZUC-EIA3,
+    improving performance significantly, when using
+    intel-ipsec-mb version 0.54
+
 * **Added a new driver for Intel Foxville I225 devices.**
 
   Added the new ``igc`` net driver for Intel Foxville I225 devices. See the

diff --git a/drivers/crypto/zuc/rte_zuc_pmd.c b/drivers/crypto/zuc/rte_zuc_pmd.c
index 4598818..df8d6f6 100644 (file)
--- a/drivers/crypto/zuc/rte_zuc_pmd.c
+++ b/drivers/crypto/zuc/rte_zuc_pmd.c
@@ -237,12 +237,13 @@ process_zuc_hash_op(struct zuc_qp *qp, struct rte_crypto_op **ops,
                struct zuc_session **sessions,
                uint8_t num_ops)
 {
-       unsigned i;
+       unsigned int i;
        uint8_t processed_ops = 0;
-       uint8_t *src;
-       uint32_t *dst;
-       uint32_t length_in_bits;
-       uint8_t *iv;
+       uint8_t *src[ZUC_MAX_BURST];
+       uint32_t *dst[ZUC_MAX_BURST];
+       uint32_t length_in_bits[ZUC_MAX_BURST];
+       uint8_t *iv[ZUC_MAX_BURST];
+       const void *hash_keys[ZUC_MAX_BURST];
        struct zuc_session *sess;
 
        for (i = 0; i < num_ops; i++) {
@@ -255,33 +256,42 @@ process_zuc_hash_op(struct zuc_qp *qp, struct rte_crypto_op **ops,
 
                sess = sessions[i];
 
-               length_in_bits = ops[i]->sym->auth.data.length;
+               length_in_bits[i] = ops[i]->sym->auth.data.length;
 
-               src = rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +
+               src[i] = rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) +
                                (ops[i]->sym->auth.data.offset >> 3);
-               iv = rte_crypto_op_ctod_offset(ops[i], uint8_t *,
+               iv[i] = rte_crypto_op_ctod_offset(ops[i], uint8_t *,
                                sess->auth_iv_offset);
 
-               if (sess->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) {
-                       dst = (uint32_t *)qp->temp_digest;
-
-                       IMB_ZUC_EIA3_1_BUFFER(qp->mb_mgr, sess->pKey_hash,
-                                       iv, src,
-                                       length_in_bits, dst);
-                       /* Verify digest. */
-                       if (memcmp(dst, ops[i]->sym->auth.digest.data,
-                                       ZUC_DIGEST_LENGTH) != 0)
-                               ops[i]->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
-               } else  {
-                       dst = (uint32_t *)ops[i]->sym->auth.digest.data;
+               hash_keys[i] = sess->pKey_hash;
+               if (sess->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY)
+                       dst[i] = (uint32_t *)qp->temp_digest;
+               else
+                       dst[i] = (uint32_t *)ops[i]->sym->auth.digest.data;
 
-                       IMB_ZUC_EIA3_1_BUFFER(qp->mb_mgr, sess->pKey_hash,
-                                       iv, src,
-                                       length_in_bits, dst);
-               }
+#if IMB_VERSION_NUM < IMB_VERSION(0, 53, 3)
+               IMB_ZUC_EIA3_1_BUFFER(qp->mb_mgr, hash_keys[i],
+                               iv[i], src[i], length_in_bits[i], dst[i]);
+#endif
                processed_ops++;
        }
 
+#if IMB_VERSION_NUM >= IMB_VERSION(0, 53, 3)
+       IMB_ZUC_EIA3_N_BUFFER(qp->mb_mgr, (const void **)hash_keys,
+                       (const void * const *)iv, (const void * const *)src,
+                       length_in_bits, dst, processed_ops);
+#endif
+
+       /*
+        * If tag needs to be verified, compare generated tag
+        * with attached tag
+        */
+       for (i = 0; i < processed_ops; i++)
+               if (sessions[i]->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY)
+                       if (memcmp(dst[i], ops[i]->sym->auth.digest.data,
+                                       ZUC_DIGEST_LENGTH) != 0)
+                               ops[i]->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED;
+
        return processed_ops;
 }