From: Pablo de Lara Date: Mon, 20 Jan 2020 11:47:54 +0000 (+0000) Subject: crypto/zuc: use IPsec library X-Git-Url: http://git.droids-corp.org/?a=commitdiff_plain;h=61f7c988e39e;p=dpdk.git crypto/zuc: use IPsec library Link against Intel IPsec Multi-buffer library, which added support for ZUC-EEA3 and ZUC-EIA3 from version v0.53, moving from libSSO ZUC library. Signed-off-by: Pablo de Lara Acked-by: Akhil Goyal --- diff --git a/devtools/test-build.sh b/devtools/test-build.sh index c30c53d189..0900bf98ab 100755 --- a/devtools/test-build.sh +++ b/devtools/test-build.sh @@ -31,7 +31,6 @@ default_path=$PATH # - LIBMUSDK_PATH # - LIBSSO_SNOW3G_PATH # - LIBSSO_KASUMI_PATH -# - LIBSSO_ZUC_PATH devtools_dir=$(dirname $(readlink -f $0)) . $devtools_dir/load-devel-config @@ -127,7 +126,6 @@ reset_env () unset LIBMUSDK_PATH unset LIBSSO_SNOW3G_PATH unset LIBSSO_KASUMI_PATH - unset LIBSSO_ZUC_PATH unset PQOS_INSTALL_PATH } @@ -187,12 +185,12 @@ config () # sed -ri="" 's,(PMD_AESNI_MB=)n,\1y,' $1/.config test "$DPDK_DEP_IPSEC_MB" != y || \ sed -ri="" 's,(PMD_AESNI_GCM=)n,\1y,' $1/.config + test "$DPDK_DEP_IPSEC_MB" != y || \ + sed -ri="" 's,(PMD_ZUC=)n,\1y,' $1/.config test -z "$LIBSSO_SNOW3G_PATH" || \ sed -ri="" 's,(PMD_SNOW3G=)n,\1y,' $1/.config test -z "$LIBSSO_KASUMI_PATH" || \ sed -ri="" 's,(PMD_KASUMI=)n,\1y,' $1/.config - test -z "$LIBSSO_ZUC_PATH" || \ - sed -ri="" 's,(PMD_ZUC=)n,\1y,' $1/.config test "$DPDK_DEP_SSL" != y || \ sed -ri="" 's,(PMD_CCP=)n,\1y,' $1/.config test "$DPDK_DEP_SSL" != y || \ diff --git a/doc/guides/cryptodevs/zuc.rst b/doc/guides/cryptodevs/zuc.rst index 002e986da4..23d618da5a 100644 --- a/doc/guides/cryptodevs/zuc.rst +++ b/doc/guides/cryptodevs/zuc.rst 
@@ -1,12 +1,12 @@ .. SPDX-License-Identifier: BSD-3-Clause - Copyright(c) 2016 Intel Corporation. + Copyright(c) 2016-2019 Intel Corporation. ZUC Crypto Poll Mode Driver =========================== -The ZUC PMD (**librte_pmd_zuc**) provides poll mode crypto driver -support for utilizing Intel Libsso library, which implements F8 and F9 functions -for ZUC EEA3 cipher and EIA3 hash algorithms. +The ZUC PMD (**librte_pmd_zuc**) provides poll mode crypto driver support for +utilizing `Intel IPSec Multi-buffer library `_ +which implements F8 and F9 functions for ZUC EEA3 cipher and EIA3 hash algorithms. Features -------- 
@@ -27,36 +27,46 @@ Limitations * Chained mbufs are not supported. * ZUC (EIA3) supported only if hash offset field is byte-aligned. * ZUC (EEA3) supported only if cipher length, cipher offset fields are byte-aligned. -* ZUC PMD cannot be built as a shared library, due to limitations in - the underlying library. Installation ------------ -To build DPDK with the ZUC_PMD the user is required to download -the export controlled ``libsso_zuc`` library, by registering in -`Intel Resource & Design Center `_. -Once approval has been granted, the user needs to search for -*ZUC 128-EAA3 and 128-EIA3 3GPP cryptographic algorithms Software Library* to download the -library or directly through this `link `_. +To build DPDK with the ZUC_PMD the user is required to download the multi-buffer +library from `here `_ +and compile it on their user system before building DPDK. +The latest version of the library supported by this PMD is v0.53, which +can be downloaded from ``_. + After downloading the library, the user needs to unpack and compile it -on their system before building DPDK:: +on their system before building DPDK: + +.. code-block:: console + + make + make install + +As a reference, the following table shows a mapping between the past DPDK versions +and the external crypto libraries supported by them: + +.. _table_zuc_versions: + +.. table:: DPDK and external crypto library version compatibility + + ============= ================================ + DPDK version Crypto library version + ============= ================================ + 16.11 - 19.11 LibSSO ZUC + 20.02+ Multi-buffer library 0.53 + ============= ================================ - make Initialization -------------- In order to enable this virtual crypto PMD, user must: -* Export the environmental variable LIBSSO_ZUC_PATH with the path where - the library was extracted (zuc folder). - -* Export the environmental variable LD_LIBRARY_PATH with the path - where the built libsso library is (LIBSSO_ZUC_PATH/build). 
- -* Build the LIBSSO_ZUC library (explained in Installation section). +* Build the multi buffer library (explained in Installation section). * Build DPDK as follows: diff --git a/doc/guides/rel_notes/release_20_02.rst b/doc/guides/rel_notes/release_20_02.rst index 6d43cd998b..ff309ac966 100644 --- a/doc/guides/rel_notes/release_20_02.rst +++ b/doc/guides/rel_notes/release_20_02.rst @@ -138,6 +138,13 @@ New Features Such algorithm combinations are not supported on GEN1/GEN2 hardware and executing the request returns RTE_CRYPTO_OP_STATUS_INVALID_SESSION. +* **Updated the ZUC PMD.** + + * Transistioned underlying library from libSSO ZUC to intel-ipsec-mb + library (minimum version required 0.53). + * Removed dynamic library limitation, so PMD can be built as a shared + object now. + * **Added Marvell OCTEON TX2 End Point rawdev PMD.** Added a new OCTEON TX2 rawdev PMD for End Point mode of operation. diff --git a/drivers/crypto/zuc/Makefile b/drivers/crypto/zuc/Makefile index a01bb6ecbc..b50883b2a7 100644 --- a/drivers/crypto/zuc/Makefile +++ b/drivers/crypto/zuc/Makefile @@ -1,14 +1,8 @@ # SPDX-License-Identifier: BSD-3-Clause -# Copyright(c) 2016 Intel Corporation +# Copyright(c) 2016-2019 Intel Corporation include $(RTE_SDK)/mk/rte.vars.mk -ifneq ($(MAKECMDGOALS),clean) -ifeq ($(LIBSSO_ZUC_PATH),) -$(error "Please define LIBSSO_ZUC_PATH environment variable") -endif -endif - # library name LIB = librte_pmd_zuc.a 
@@ -21,14 +15,26 @@ CFLAGS += -DALLOW_EXPERIMENTAL_API EXPORT_MAP := rte_pmd_zuc_version.map # external library dependencies -CFLAGS += -I$(LIBSSO_ZUC_PATH) -CFLAGS += -I$(LIBSSO_ZUC_PATH)/include -CFLAGS += -I$(LIBSSO_ZUC_PATH)/build -LDLIBS += -L$(LIBSSO_ZUC_PATH)/build -lsso_zuc +LDLIBS += -lIPSec_MB LDLIBS += -lrte_eal -lrte_mbuf -lrte_mempool -lrte_ring LDLIBS += -lrte_cryptodev LDLIBS += -lrte_bus_vdev +IMB_HDR = $(shell echo '\#include ' | \ + $(CC) -E $(EXTRA_CFLAGS) - | grep 'intel-ipsec-mb.h' | \ + head -n1 | cut -d'"' -f2) + +# Detect library version +IMB_VERSION = $(shell grep -e "IMB_VERSION_STR" $(IMB_HDR) | cut -d'"' -f2) +IMB_VERSION_NUM = $(shell grep -e "IMB_VERSION_NUM" $(IMB_HDR) | cut -d' ' -f3) + +ifeq ($(IMB_VERSION),) +$(error "IPSec_MB version >= 0.53 is required") +endif + +ifeq ($(shell expr $(IMB_VERSION_NUM) \< 0x3400), 1) +$(error "IPSec_MB version >= 0.53 is required") +endif # library source files SRCS-$(CONFIG_RTE_LIBRTE_PMD_ZUC) += rte_zuc_pmd.c SRCS-$(CONFIG_RTE_LIBRTE_PMD_ZUC) += rte_zuc_pmd_ops.c diff --git a/drivers/crypto/zuc/meson.build b/drivers/crypto/zuc/meson.build index b231de0bae..be3824c54c 100644 --- a/drivers/crypto/zuc/meson.build +++ b/drivers/crypto/zuc/meson.build 
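Review bot: The second `ifeq` rejects only versions below `0x3400`, while both `$(error)` messages and the meson check ask for 0.53. If `IMB_VERSION_NUM` packs the minor version into bits 8-15, as the library header appears to, `0x3400` is 0.52, so a library without the ZUC entry points passes this gate and fails later at compile or link time. `expr` also does not parse hexadecimal, so `\<` falls back to a string comparison, which misorders values of different length (a future `0x10000` sorts below `0x3400`). Converting to decimal first avoids both problems: `ifeq ($(shell expr $$(printf '%d' $(IMB_VERSION_NUM)) \< $$(printf '%d' 0x3500)), 1)`.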
@@ -1,11 +1,22 @@ # SPDX-License-Identifier: BSD-3-Clause -# Copyright(c) 2018 Intel Corporation +# Copyright(c) 2018-2020 Intel Corporation -lib = cc.find_library('sso_zuc', required: false) -if not lib.found() or not cc.has_header('sso_zuc.h') +IMB_required_ver = '0.53.0' +lib = cc.find_library('IPSec_MB', required: false) +if not lib.found() build = false - reason = 'missing dependency, "libsso_zuc"' - subdir_done() + reason = 'missing dependency, "libIPSec_MB"' +else + # version comes with quotes, so we split based on " and take the middle + imb_ver = cc.get_define('IMB_VERSION_STR', + prefix : '#include').split('"')[1] + + if (imb_ver == '') or (imb_ver.version_compare('<' + IMB_required_ver)) + reason = 'IPSec_MB version >= @0@ is required, found version @1@'.format( + IMB_required_ver, imb_ver) + build = false + endif + endif allow_experimental_apis = true diff --git a/drivers/crypto/zuc/rte_zuc_pmd.c b/drivers/crypto/zuc/rte_zuc_pmd.c index 8e214cd50e..9e06ab7c95 100644 --- a/drivers/crypto/zuc/rte_zuc_pmd.c +++ b/drivers/crypto/zuc/rte_zuc_pmd.c @@ -11,7 +11,7 @@ #include #include "zuc_pmd_private.h" -#define ZUC_MAX_BURST 4 +#define ZUC_MAX_BURST 16 #define BYTE_LEN 8 static uint8_t cryptodev_driver_id; @@ -170,16 +170,17 @@ zuc_get_session(struct zuc_qp *qp, struct rte_crypto_op *op) /** Encrypt/decrypt mbufs. */ static uint8_t -process_zuc_cipher_op(struct rte_crypto_op **ops, +process_zuc_cipher_op(struct zuc_qp *qp, struct rte_crypto_op **ops, struct zuc_session **sessions, uint8_t num_ops) { unsigned i; uint8_t processed_ops = 0; - uint8_t *src[ZUC_MAX_BURST], *dst[ZUC_MAX_BURST]; - uint8_t *iv[ZUC_MAX_BURST]; + const void *src[ZUC_MAX_BURST]; + void *dst[ZUC_MAX_BURST]; + const void *iv[ZUC_MAX_BURST]; uint32_t num_bytes[ZUC_MAX_BURST]; - uint8_t *cipher_keys[ZUC_MAX_BURST]; + const void *cipher_keys[ZUC_MAX_BURST]; struct zuc_session *sess; for (i = 0; i < num_ops; i++) { 
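Review bot: `cc.get_define('IMB_VERSION_STR', ...)` returns an empty string when the header is missing or predates that define, and `.split('"')[1]` on an empty string indexes past the end of the resulting array. Configuration then aborts instead of reaching the `imb_ver == ''` branch that is meant to disable the driver. The removed code guarded this case with `cc.has_header`; keeping an equivalent guard, or testing the raw `get_define` result against `''` before splitting, restores the soft failure. The hunk also drops `subdir_done()`, so the rest of the file is still evaluated after `build = false`; whether that is harmless depends on lines outside the hunk.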
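Review bot: In process_zuc_cipher_op the pointer arrays and `num_bytes` are sized by `ZUC_MAX_BURST`, but the loop that fills them is bounded only by the caller-supplied `num_ops`, and nothing in this hunk enforces `num_ops <= ZUC_MAX_BURST`. The commit raises the constant from 4 to 16 in the hunk just before, so every caller's batching limit has to follow it; those callers are outside the visible hunks. I would state the contract in the function comment, `/** Encrypt/decrypt up to ZUC_MAX_BURST mbufs through the queue pair's multi-buffer manager. */`, and add `RTE_ASSERT(num_ops <= ZUC_MAX_BURST);` before the loop. The function body continues past the end of the hunk.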
@@ -222,7 +223,8 @@ process_zuc_cipher_op(struct rte_crypto_op **ops, processed_ops++; } - sso_zuc_eea3_n_buffer(cipher_keys, iv, src, dst, + IMB_ZUC_EEA3_N_BUFFER(qp->mb_mgr, (const void **)cipher_keys, + (const void **)iv, (const void **)src, (void **)dst, num_bytes, processed_ops); return processed_ops; @@ -262,7 +264,7 @@ process_zuc_hash_op(struct zuc_qp *qp, struct rte_crypto_op **ops, if (sess->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) { dst = (uint32_t *)qp->temp_digest; - sso_zuc_eia3_1_buffer(sess->pKey_hash, + IMB_ZUC_EIA3_1_BUFFER(qp->mb_mgr, sess->pKey_hash, iv, src, length_in_bits, dst); /* Verify digest. */ @@ -272,7 +274,7 @@ process_zuc_hash_op(struct zuc_qp *qp, struct rte_crypto_op **ops, } else { dst = (uint32_t *)ops[i]->sym->auth.digest.data; - sso_zuc_eia3_1_buffer(sess->pKey_hash, + IMB_ZUC_EIA3_1_BUFFER(qp->mb_mgr, sess->pKey_hash, iv, src, length_in_bits, dst); } @@ -294,7 +296,7 @@ process_ops(struct rte_crypto_op **ops, enum zuc_operation op_type, switch (op_type) { case ZUC_OP_ONLY_CIPHER: - processed_ops = process_zuc_cipher_op(ops, + processed_ops = process_zuc_cipher_op(qp, ops, sessions, num_ops); break; case ZUC_OP_ONLY_AUTH: @@ -302,14 +304,14 @@ process_ops(struct rte_crypto_op **ops, enum zuc_operation op_type, num_ops); break; case ZUC_OP_CIPHER_AUTH: - processed_ops = process_zuc_cipher_op(ops, sessions, + processed_ops = process_zuc_cipher_op(qp, ops, sessions, num_ops); process_zuc_hash_op(qp, ops, sessions, processed_ops); break; case ZUC_OP_AUTH_CIPHER: processed_ops = process_zuc_hash_op(qp, ops, sessions, num_ops); - process_zuc_cipher_op(ops, sessions, processed_ops); + process_zuc_cipher_op(qp, ops, sessions, processed_ops); break; default: /* Operation not supported. */ 
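Review bot: The `(const void **)` and `(void **)` casts on `cipher_keys`, `iv`, `src` and `dst` in the `IMB_ZUC_EEA3_N_BUFFER` call look redundant, because the earlier hunk already declares those arrays as `const void *[]` and `void *[]`. Explicit casts on buffers handed to a crypto primitive would also silence the compiler if one of the declarations later drifts to an incompatible type. Passing the arrays directly keeps the type check: `IMB_ZUC_EEA3_N_BUFFER(qp->mb_mgr, cipher_keys, iv, src, dst, num_bytes, processed_ops);`. The enclosing function starts outside this hunk.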
@@ -457,8 +459,7 @@ cryptodev_zuc_create(const char *name, { struct rte_cryptodev *dev; struct zuc_private *internals; - uint64_t cpu_flags = RTE_CRYPTODEV_FF_CPU_SSE; - + MB_MGR *mb_mgr; dev = rte_cryptodev_pmd_create(name, &vdev->device, init_params); if (dev == NULL) { @@ -466,6 +467,27 @@ cryptodev_zuc_create(const char *name, goto init_error; } + dev->feature_flags = RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO | + RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING; + + mb_mgr = alloc_mb_mgr(0); + if (mb_mgr == NULL) + return -ENOMEM; + + if (rte_cpu_get_flag_enabled(RTE_CPUFLAG_AVX512F)) { + dev->feature_flags |= RTE_CRYPTODEV_FF_CPU_AVX512; + init_mb_mgr_avx512(mb_mgr); + } else if (rte_cpu_get_flag_enabled(RTE_CPUFLAG_AVX2)) { + dev->feature_flags |= RTE_CRYPTODEV_FF_CPU_AVX2; + init_mb_mgr_avx2(mb_mgr); + } else if (rte_cpu_get_flag_enabled(RTE_CPUFLAG_AVX)) { + dev->feature_flags |= RTE_CRYPTODEV_FF_CPU_AVX; + init_mb_mgr_avx(mb_mgr); + } else { + dev->feature_flags |= RTE_CRYPTODEV_FF_CPU_SSE; + init_mb_mgr_sse(mb_mgr); + } + dev->driver_id = cryptodev_driver_id; dev->dev_ops = rte_zuc_pmd_ops; @@ -473,11 +495,8 @@ cryptodev_zuc_create(const char *name, dev->dequeue_burst = zuc_pmd_dequeue_burst; dev->enqueue_burst = zuc_pmd_enqueue_burst; - dev->feature_flags = RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO | - RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING | - cpu_flags; - internals = dev->data->dev_private; + internals->mb_mgr = mb_mgr; internals->max_nb_queue_pairs = init_params->max_nb_queue_pairs; @@ -518,6 +537,7 @@ cryptodev_zuc_remove(struct rte_vdev_device *vdev) struct rte_cryptodev *cryptodev; const char *name; + struct zuc_private *internals; name = rte_vdev_device_name(vdev); if (name == NULL) @@ -527,6 +547,10 @@ cryptodev_zuc_remove(struct rte_vdev_device *vdev) if (cryptodev == NULL) return -ENODEV; + internals = cryptodev->data->dev_private; + + free_mb_mgr(internals->mb_mgr); + return rte_cryptodev_pmd_destroy(cryptodev); } 
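Review bot: The `return -ENOMEM` taken when `alloc_mb_mgr(0)` fails leaves the device just created by `rte_cryptodev_pmd_create()` in place, whereas the `dev == NULL` check directly above it goes through `init_error`. A failed probe would then keep a half-initialised cryptodev registered with no multi-buffer manager behind it. Release the device on this path, for example `if (mb_mgr == NULL) { rte_cryptodev_pmd_destroy(dev); return -ENOMEM; }`. Jumping to `init_error` is the other option, but that label's body is outside the hunk and may now reach `free_mb_mgr()` with a pointer that was never set.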
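Review bot: In cryptodev_zuc_remove, `free_mb_mgr(internals->mb_mgr)` releases the manager while each configured queue pair still holds a copy of the same pointer (`qp->mb_mgr = internals->mb_mgr` in zuc_pmd_qp_setup), so a burst still running on a queue pair at removal time would dereference freed memory. Nothing visible here stops or releases the queue pairs first. If the caller guarantees that, a comment should say so, e.g. `/* Queue pairs are quiesced by now; their mb_mgr copies are not used after this point. */`. The pointer is also stored in `dev_private`, which may be shared between DPDK processes while the allocation is presumably local to the creating process, so removal from a secondary process deserves a check.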
diff --git a/drivers/crypto/zuc/rte_zuc_pmd_ops.c b/drivers/crypto/zuc/rte_zuc_pmd_ops.c index 62f8c6cedd..ddd0f9243d 100644 --- a/drivers/crypto/zuc/rte_zuc_pmd_ops.c +++ b/drivers/crypto/zuc/rte_zuc_pmd_ops.c @@ -201,6 +201,7 @@ zuc_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id, int socket_id) { struct zuc_qp *qp = NULL; + struct zuc_private *internals = dev->data->dev_private; /* Free memory prior to re-allocation if needed. */ if (dev->data->queue_pairs[qp_id] != NULL) @@ -223,6 +224,7 @@ zuc_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id, if (qp->processed_ops == NULL) goto qp_setup_cleanup; + qp->mb_mgr = internals->mb_mgr; qp->sess_mp = qp_conf->mp_session; qp->sess_mp_priv = qp_conf->mp_session_private; diff --git a/drivers/crypto/zuc/zuc_pmd_private.h b/drivers/crypto/zuc/zuc_pmd_private.h index 428efd4bb5..47a8b08dd7 100644 --- a/drivers/crypto/zuc/zuc_pmd_private.h +++ b/drivers/crypto/zuc/zuc_pmd_private.h @@ -5,7 +5,7 @@ #ifndef _ZUC_PMD_PRIVATE_H_ #define _ZUC_PMD_PRIVATE_H_ -#include +#include #define CRYPTODEV_NAME_ZUC_PMD crypto_zuc /**< KASUMI PMD device name */ @@ -24,6 +24,8 @@ int zuc_logtype_driver; struct zuc_private { unsigned max_nb_queue_pairs; /**< Max number of queue pairs supported by device */ + MB_MGR *mb_mgr; + /**< Multi-buffer instance */ }; /** ZUC buffer queue pair */ @@ -45,6 +47,8 @@ struct zuc_qp { * by the driver when verifying a digest provided * by the user (using authentication verify operation) */ + MB_MGR *mb_mgr; + /**< Multi-buffer instance */ } __rte_cache_aligned; enum zuc_operation { diff --git a/mk/rte.app.mk b/mk/rte.app.mk index b33cd8a350..dfc3013089 100644 --- a/mk/rte.app.mk +++ b/mk/rte.app.mk 
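Review bot: The comment `/**< Multi-buffer instance */` on `mb_mgr` in `struct zuc_qp` does not say that the pointer is borrowed: zuc_pmd_qp_setup copies the device-wide `internals->mb_mgr` into every queue pair, and cryptodev_zuc_remove frees it once. I would document ownership on both fields, e.g. `/**< Multi-buffer manager owned by the device; freed in cryptodev_zuc_remove() */` in `struct zuc_private` and `/**< Borrowed from zuc_private; shared by all queue pairs, never freed here */` in `struct zuc_qp`. If queue pairs can be serviced from different lcores at the same time, the comment should also state that only calls which keep no per-call state in the manager may be issued through it.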
@@ -282,7 +282,7 @@ _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_SNOW3G) += -L$(LIBSSO_SNOW3G_PATH)/build -l
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_KASUMI) += -lrte_pmd_kasumi
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_KASUMI) += -L$(LIBSSO_KASUMI_PATH)/build -lsso_kasumi
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ZUC) += -lrte_pmd_zuc
-_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ZUC) += -L$(LIBSSO_ZUC_PATH)/build -lsso_zuc
+_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ZUC) += -lIPSec_MB
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ARMV8_CRYPTO) += -lrte_pmd_armv8
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ARMV8_CRYPTO) += -L$(ARMV8_CRYPTO_LIB_PATH) -larmv8_crypto
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_MVSAM_CRYPTO) += -L$(LIBMUSDK_PATH)/lib -lrte_pmd_mvsam_crypto -lmusdk