# - DPDK_NOTIFY (notify-send)
# - FLEXRAN_SDK
# - LIBMUSDK_PATH
-# - LIBSSO_SNOW3G_PATH
devtools_dir=$(dirname $(readlink -f $0))
. $devtools_dir/load-devel-config
unset ARMV8_CRYPTO_LIB_PATH
unset FLEXRAN_SDK
unset LIBMUSDK_PATH
- unset LIBSSO_SNOW3G_PATH
unset PQOS_INSTALL_PATH
}
sed -ri="" 's,(PMD_ZUC=)n,\1y,' $1/.config
test "$DPDK_DEP_IPSEC_MB" != y || \
sed -ri="" 's,(PMD_KASUMI=)n,\1y,' $1/.config
- test -z "$LIBSSO_SNOW3G_PATH" || \
+ test "$DPDK_DEP_IPSEC_MB" != y || \
sed -ri="" 's,(PMD_SNOW3G=)n,\1y,' $1/.config
test "$DPDK_DEP_SSL" != y || \
sed -ri="" 's,(PMD_CCP=)n,\1y,' $1/.config
.. SPDX-License-Identifier: BSD-3-Clause
- Copyright(c) 2016 Intel Corporation.
+ Copyright(c) 2016-2019 Intel Corporation.
SNOW 3G Crypto Poll Mode Driver
===============================
-The SNOW 3G PMD (**librte_pmd_snow3g**) provides poll mode crypto driver
-support for utilizing Intel Libsso library, which implements F8 and F9 functions
-for SNOW 3G UEA2 cipher and UIA2 hash algorithms.
+The SNOW3G PMD (**librte_snow3g_zuc**) provides poll mode crypto driver support for
+utilizing `Intel IPSec Multi-buffer library <https://github.com/01org/intel-ipsec-mb>`_
+which implements F8 and F8 functions for SNOW 3G UEA2 cipher and UIA2 hash algorithms.
Features
--------
Installation
------------
-To build DPDK with the SNOW3G_PMD the user is required to download
-the export controlled ``libsso_snow3g`` library, by registering in
-`Intel Resource & Design Center <https://www.intel.com/content/www/us/en/design/resource-design-center.html>`_.
-Once approval has been granted, the user needs to search for
-*Snow3G F8 F9 3GPP cryptographic algorithms Software Library* to download the
-library or directly through this `link <https://cdrdv2.intel.com/v1/dl/getContent/575867>`_.
+To build DPDK with the SNOW3G_PMD the user is required to download the multi-buffer
+library from `here <https://github.com/01org/intel-ipsec-mb>`_
+and compile it on their user system before building DPDK.
+The latest version of the library supported by this PMD is v0.53, which
+can be downloaded from `<https://github.com/01org/intel-ipsec-mb/archive/v0.53.zip>`_.
+
After downloading the library, the user needs to unpack and compile it
-on their system before building DPDK::
+on their system before building DPDK:
+
+.. code-block:: console
+
+ make
+ make install
- make snow3G
+As a reference, the following table shows a mapping between the past DPDK versions
+and the external crypto libraries supported by them:
-**Note**: When encrypting with SNOW3G UEA2, by default the library
-encrypts blocks of 4 bytes, regardless the number of bytes to
-be encrypted provided (which leads to a possible buffer overflow).
-To avoid this situation, it is necessary not to pass
-3GPP_SAFE_BUFFERS as a compilation flag.
-For this, in the Makefile of the library, make sure that this flag
-is commented out.::
+.. _table_snow3g_versions:
- #EXTRA_CFLAGS += -D_3GPP_SAFE_BUFFERS
+.. table:: DPDK and external crypto library version compatibility
+
+ ============= ================================
+ DPDK version Crypto library version
+ ============= ================================
+ 16.04 - 19.11 LibSSO SNOW3G
+ 20.02+ Multi-buffer library 0.53
+ ============= ================================
Initialization
In order to enable this virtual crypto PMD, user must:
-* Export the environmental variable LIBSSO_SNOW3G_PATH with the path where
- the library was extracted (snow3g folder).
+* Build the multi buffer library (explained in Installation section).
+
+* Build DPDK as follows:
-* Build the LIBSSO_SNOW3G library (explained in Installation section).
+.. code-block:: console
-* Set CONFIG_RTE_LIBRTE_PMD_SNOW3G=y in config/common_base.
+ make config T=x86_64-native-linux-gcc
+ sed -i 's,\(CONFIG_RTE_LIBRTE_PMD_SNOW3G\)=n,\1=y,' build/.config
+ make
To use the PMD in an application, user must:
* Transistioned underlying library from libSSO KASUMI to intel-ipsec-mb
library (minimum version required 0.53).
+* **Updated the SNOW3G PMD.**
+
+ * Transistioned underlying library from libSSO SNOW3G to intel-ipsec-mb
+ library (minimum version required 0.53).
+
* **Added Marvell OCTEON TX2 End Point rawdev PMD.**
Added a new OCTEON TX2 rawdev PMD for End Point mode of operation.
# SPDX-License-Identifier: BSD-3-Clause
-# Copyright(c) 2016 Intel Corporation
+# Copyright(c) 2016-2019 Intel Corporation
include $(RTE_SDK)/mk/rte.vars.mk
-ifneq ($(MAKECMDGOALS),clean)
-ifeq ($(LIBSSO_SNOW3G_PATH),)
-$(error "Please define LIBSSO_SNOW3G_PATH environment variable")
-endif
-endif
-
# library name
LIB = librte_pmd_snow3g.a
EXPORT_MAP := rte_pmd_snow3g_version.map
# external library dependencies
-CFLAGS += -I$(LIBSSO_SNOW3G_PATH)
-CFLAGS += -I$(LIBSSO_SNOW3G_PATH)/include
-CFLAGS += -I$(LIBSSO_SNOW3G_PATH)/build
-LDLIBS += -L$(LIBSSO_SNOW3G_PATH)/build -lsso_snow3g
+LDLIBS += -lIPSec_MB
LDLIBS += -lrte_eal -lrte_mbuf -lrte_mempool -lrte_ring
LDLIBS += -lrte_cryptodev
LDLIBS += -lrte_bus_vdev
+IMB_HDR = $(shell echo '\#include <intel-ipsec-mb.h>' | \
+ $(CC) -E $(EXTRA_CFLAGS) - | grep 'intel-ipsec-mb.h' | \
+ head -n1 | cut -d'"' -f2)
+
+# Detect library version
+IMB_VERSION = $(shell grep -e "IMB_VERSION_STR" $(IMB_HDR) | cut -d'"' -f2)
+IMB_VERSION_NUM = $(shell grep -e "IMB_VERSION_NUM" $(IMB_HDR) | cut -d' ' -f3)
+
+ifeq ($(IMB_VERSION),)
+$(error "IPSec_MB version >= 0.53 is required")
+endif
+
+ifeq ($(shell expr $(IMB_VERSION_NUM) \< 0x3400), 1)
+$(error "IPSec_MB version >= 0.53 is required")
+endif
+
# library source files
SRCS-$(CONFIG_RTE_LIBRTE_PMD_SNOW3G) += rte_snow3g_pmd.c
SRCS-$(CONFIG_RTE_LIBRTE_PMD_SNOW3G) += rte_snow3g_pmd_ops.c
# SPDX-License-Identifier: BSD-3-Clause
-# Copyright(c) 2019 Intel Corporation
+# Copyright(c) 2019-2020 Intel Corporation
-lib = cc.find_library('sso_snow3g', required: false)
-if not lib.found() or not cc.has_header('sso_snow3g.h')
+IMB_required_ver = '0.53.0'
+lib = cc.find_library('IPSec_MB', required: false)
+if not lib.found()
build = false
- reason = 'missing dependency, "libsso_snow3g"'
- subdir_done()
+ reason = 'missing dependency, "libIPSec_MB"'
+else
+ # version comes with quotes, so we split based on " and take the middle
+ imb_ver = cc.get_define('IMB_VERSION_STR',
+ prefix : '#include<intel-ipsec-mb.h>').split('"')[1]
+
+ if (imb_ver == '') or (imb_ver.version_compare('<' + IMB_required_ver))
+ reason = 'IPSec_MB version >= @0@ is required, found version @1@'.format(
+ IMB_required_ver, imb_ver)
+ build = false
+ endif
+
endif
allow_experimental_apis = true
/** Parse crypto xform chain and set private session parameters. */
int
-snow3g_set_session_parameters(struct snow3g_session *sess,
+snow3g_set_session_parameters(MB_MGR *mgr, struct snow3g_session *sess,
const struct rte_crypto_sym_xform *xform)
{
const struct rte_crypto_sym_xform *auth_xform = NULL;
}
if (cipher_xform) {
- uint8_t cipher_key[SNOW3G_MAX_KEY_SIZE];
-
/* Only SNOW 3G UEA2 supported */
if (cipher_xform->cipher.algo != RTE_CRYPTO_CIPHER_SNOW3G_UEA2)
return -ENOTSUP;
sess->cipher_iv_offset = cipher_xform->cipher.iv.offset;
/* Initialize key */
- memcpy(cipher_key, cipher_xform->cipher.key.data,
- cipher_xform->cipher.key.length);
- sso_snow3g_init_key_sched(cipher_key, &sess->pKeySched_cipher);
+ IMB_SNOW3G_INIT_KEY_SCHED(mgr, cipher_xform->cipher.key.data,
+ &sess->pKeySched_cipher);
}
if (auth_xform) {
- uint8_t auth_key[SNOW3G_MAX_KEY_SIZE];
-
/* Only SNOW 3G UIA2 supported */
if (auth_xform->auth.algo != RTE_CRYPTO_AUTH_SNOW3G_UIA2)
return -ENOTSUP;
sess->auth_iv_offset = auth_xform->auth.iv.offset;
/* Initialize key */
- memcpy(auth_key, auth_xform->auth.key.data,
- auth_xform->auth.key.length);
- sso_snow3g_init_key_sched(auth_key, &sess->pKeySched_hash);
+ IMB_SNOW3G_INIT_KEY_SCHED(mgr, auth_xform->auth.key.data,
+ &sess->pKeySched_hash);
}
-
sess->op = mode;
return 0;
sess = (struct snow3g_session *)_sess_private_data;
- if (unlikely(snow3g_set_session_parameters(sess,
+ if (unlikely(snow3g_set_session_parameters(qp->mgr, sess,
op->sym->xform) != 0)) {
rte_mempool_put(qp->sess_mp, _sess);
rte_mempool_put(qp->sess_mp_priv, _sess_private_data);
/** Encrypt/decrypt mbufs with same cipher key. */
static uint8_t
-process_snow3g_cipher_op(struct rte_crypto_op **ops,
+process_snow3g_cipher_op(struct snow3g_qp *qp, struct rte_crypto_op **ops,
struct snow3g_session *session,
uint8_t num_ops)
{
unsigned i;
uint8_t processed_ops = 0;
- uint8_t *src[SNOW3G_MAX_BURST], *dst[SNOW3G_MAX_BURST];
- uint8_t *iv[SNOW3G_MAX_BURST];
+ const void *src[SNOW3G_MAX_BURST];
+ void *dst[SNOW3G_MAX_BURST];
+ const void *iv[SNOW3G_MAX_BURST];
uint32_t num_bytes[SNOW3G_MAX_BURST];
for (i = 0; i < num_ops; i++) {
processed_ops++;
}
- sso_snow3g_f8_n_buffer(&session->pKeySched_cipher, iv, src, dst,
- num_bytes, processed_ops);
+ IMB_SNOW3G_F8_N_BUFFER(qp->mgr, &session->pKeySched_cipher, iv,
+ src, dst, num_bytes, processed_ops);
return processed_ops;
}
/** Encrypt/decrypt mbuf (bit level function). */
static uint8_t
-process_snow3g_cipher_op_bit(struct rte_crypto_op *op,
+process_snow3g_cipher_op_bit(struct snow3g_qp *qp,
+ struct rte_crypto_op *op,
struct snow3g_session *session)
{
uint8_t *src, *dst;
session->cipher_iv_offset);
length_in_bits = op->sym->cipher.data.length;
- sso_snow3g_f8_1_buffer_bit(&session->pKeySched_cipher, iv,
+ IMB_SNOW3G_F8_1_BUFFER_BIT(qp->mgr, &session->pKeySched_cipher, iv,
src, dst, length_in_bits, offset_in_bits);
return 1;
if (session->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) {
dst = qp->temp_digest;
- sso_snow3g_f9_1_buffer(&session->pKeySched_hash,
- iv, src,
- length_in_bits, dst);
+ IMB_SNOW3G_F9_1_BUFFER(qp->mgr,
+ &session->pKeySched_hash,
+ iv, src, length_in_bits, dst);
/* Verify digest. */
if (memcmp(dst, ops[i]->sym->auth.digest.data,
SNOW3G_DIGEST_LENGTH) != 0)
} else {
dst = ops[i]->sym->auth.digest.data;
- sso_snow3g_f9_1_buffer(&session->pKeySched_hash,
- iv, src,
- length_in_bits, dst);
+ IMB_SNOW3G_F9_1_BUFFER(qp->mgr,
+ &session->pKeySched_hash,
+ iv, src, length_in_bits, dst);
}
processed_ops++;
}
switch (session->op) {
case SNOW3G_OP_ONLY_CIPHER:
- processed_ops = process_snow3g_cipher_op(ops,
+ processed_ops = process_snow3g_cipher_op(qp, ops,
session, num_ops);
break;
case SNOW3G_OP_ONLY_AUTH:
num_ops);
break;
case SNOW3G_OP_CIPHER_AUTH:
- processed_ops = process_snow3g_cipher_op(ops, session,
+ processed_ops = process_snow3g_cipher_op(qp, ops, session,
num_ops);
process_snow3g_hash_op(qp, ops, session, processed_ops);
break;
case SNOW3G_OP_AUTH_CIPHER:
processed_ops = process_snow3g_hash_op(qp, ops, session,
num_ops);
- process_snow3g_cipher_op(ops, session, processed_ops);
+ process_snow3g_cipher_op(qp, ops, session, processed_ops);
break;
default:
/* Operation not supported. */
switch (session->op) {
case SNOW3G_OP_ONLY_CIPHER:
- processed_op = process_snow3g_cipher_op_bit(op,
+ processed_op = process_snow3g_cipher_op_bit(qp, op,
session);
break;
case SNOW3G_OP_ONLY_AUTH:
processed_op = process_snow3g_hash_op(qp, &op, session, 1);
break;
case SNOW3G_OP_CIPHER_AUTH:
- processed_op = process_snow3g_cipher_op_bit(op, session);
+ processed_op = process_snow3g_cipher_op_bit(qp, op, session);
if (processed_op == 1)
process_snow3g_hash_op(qp, &op, session, 1);
break;
case SNOW3G_OP_AUTH_CIPHER:
processed_op = process_snow3g_hash_op(qp, &op, session, 1);
if (processed_op == 1)
- process_snow3g_cipher_op_bit(op, session);
+ process_snow3g_cipher_op_bit(qp, op, session);
break;
default:
/* Operation not supported. */
{
struct rte_cryptodev *dev;
struct snow3g_private *internals;
- uint64_t cpu_flags = RTE_CRYPTODEV_FF_CPU_SSE;
+ MB_MGR *mgr;
dev = rte_cryptodev_pmd_create(name, &vdev->device, init_params);
if (dev == NULL) {
dev->enqueue_burst = snow3g_pmd_enqueue_burst;
dev->feature_flags = RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO |
- RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING |
- cpu_flags;
+ RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING;
+
+ mgr = alloc_mb_mgr(0);
+ if (mgr == NULL)
+ return -ENOMEM;
+
+ if (rte_cpu_get_flag_enabled(RTE_CPUFLAG_AVX2)) {
+ dev->feature_flags |= RTE_CRYPTODEV_FF_CPU_AVX2;
+ init_mb_mgr_avx2(mgr);
+ } else if (rte_cpu_get_flag_enabled(RTE_CPUFLAG_AVX)) {
+ dev->feature_flags |= RTE_CRYPTODEV_FF_CPU_AVX;
+ init_mb_mgr_avx(mgr);
+ } else {
+ dev->feature_flags |= RTE_CRYPTODEV_FF_CPU_SSE;
+ init_mb_mgr_sse(mgr);
+ }
internals = dev->data->dev_private;
+ internals->mgr = mgr;
internals->max_nb_queue_pairs = init_params->max_nb_queue_pairs;
{
struct rte_cryptodev *cryptodev;
const char *name;
+ struct snow3g_private *internals;
name = rte_vdev_device_name(vdev);
if (name == NULL)
if (cryptodev == NULL)
return -ENODEV;
+ internals = cryptodev->data->dev_private;
+
+ free_mb_mgr(internals->mgr);
+
return rte_cryptodev_pmd_destroy(cryptodev);
}
int socket_id)
{
struct snow3g_qp *qp = NULL;
+ struct snow3g_private *internals = dev->data->dev_private;
/* Free memory prior to re-allocation if needed. */
if (dev->data->queue_pairs[qp_id] != NULL)
if (qp->processed_ops == NULL)
goto qp_setup_cleanup;
+ qp->mgr = internals->mgr;
qp->sess_mp = qp_conf->mp_session;
qp->sess_mp_priv = qp_conf->mp_session_private;
/** Configure a SNOW 3G session from a crypto xform chain */
static int
-snow3g_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused,
+snow3g_pmd_sym_session_configure(struct rte_cryptodev *dev,
struct rte_crypto_sym_xform *xform,
struct rte_cryptodev_sym_session *sess,
struct rte_mempool *mempool)
{
void *sess_private_data;
int ret;
+ struct snow3g_private *internals = dev->data->dev_private;
if (unlikely(sess == NULL)) {
SNOW3G_LOG(ERR, "invalid session struct");
return -ENOMEM;
}
- ret = snow3g_set_session_parameters(sess_private_data, xform);
+ ret = snow3g_set_session_parameters(internals->mgr,
+ sess_private_data, xform);
if (ret != 0) {
SNOW3G_LOG(ERR, "failed configure session parameters");
/* SPDX-License-Identifier: BSD-3-Clause
- * Copyright(c) 2016-2018 Intel Corporation
+ * Copyright(c) 2016-2019 Intel Corporation
*/
#ifndef _SNOW3G_PMD_PRIVATE_H_
#define _SNOW3G_PMD_PRIVATE_H_
-#include <sso_snow3g.h>
+#include <intel-ipsec-mb.h>
#define CRYPTODEV_NAME_SNOW3G_PMD crypto_snow3g
/**< SNOW 3G PMD device name */
struct snow3g_private {
unsigned max_nb_queue_pairs;
/**< Max number of queue pairs supported by device */
+ MB_MGR *mgr;
+ /**< Multi-buffer instance */
};
/** SNOW 3G buffer queue pair */
* by the driver when verifying a digest provided
* by the user (using authentication verify operation)
*/
+ MB_MGR *mgr;
+ /**< Multi-buffer instance */
} __rte_cache_aligned;
enum snow3g_operation {
struct snow3g_session {
enum snow3g_operation op;
enum rte_crypto_auth_operation auth_op;
- sso_snow3g_key_schedule_t pKeySched_cipher;
- sso_snow3g_key_schedule_t pKeySched_hash;
+ snow3g_key_schedule_t pKeySched_cipher;
+ snow3g_key_schedule_t pKeySched_hash;
uint16_t cipher_iv_offset;
uint16_t auth_iv_offset;
} __rte_cache_aligned;
extern int
-snow3g_set_session_parameters(struct snow3g_session *sess,
+snow3g_set_session_parameters(MB_MGR *mgr, struct snow3g_session *sess,
const struct rte_crypto_sym_xform *xform);
_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_QAT_ASYM) += -lrte_pmd_qat -lcrypto
endif # CONFIG_RTE_LIBRTE_PMD_QAT
_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_SNOW3G) += -lrte_pmd_snow3g
-_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_SNOW3G) += -L$(LIBSSO_SNOW3G_PATH)/build -lsso_snow3g
+_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_SNOW3G) += -lIPSec_MB
_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_KASUMI) += -lrte_pmd_kasumi
_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_KASUMI) += -lIPSec_MB
_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ZUC) += -lrte_pmd_zuc
git.droids-corp.org / dpdk.git / commitdiff