From 0b133c36ad7d5fdce852b060d69019d69d48a7cb Mon Sep 17 00:00:00 2001 From: Pablo de Lara Date: Mon, 11 May 2020 10:14:20 +0100 Subject: [PATCH] crypto/zuc: support IPsec Multi-buffer lib v0.54 The latest version of the Intel IPSec Multi-buffer library adds an API to authenticate multiple buffers in parallel. The PMD is modified to use this API, improving performance of the ZUC-EIA3 algorithm. Signed-off-by: Pablo de Lara --- doc/guides/cryptodevs/zuc.rst | 6 +-- doc/guides/rel_notes/release_20_05.rst | 7 ++++ drivers/crypto/zuc/rte_zuc_pmd.c | 58 +++++++++++++++----------- 3 files changed, 44 insertions(+), 27 deletions(-) diff --git a/doc/guides/cryptodevs/zuc.rst b/doc/guides/cryptodevs/zuc.rst index 38ea999dc6..c384f3d9e9 100644 --- a/doc/guides/cryptodevs/zuc.rst +++ b/doc/guides/cryptodevs/zuc.rst @@ -35,8 +35,8 @@ Installation To build DPDK with the ZUC_PMD the user is required to download the multi-buffer library from `here `_ and compile it on their user system before building DPDK. -The latest version of the library supported by this PMD is v0.53, which -can be downloaded from ``_. +The latest version of the library supported by this PMD is v0.54, which +can be downloaded from ``_. After downloading the library, the user needs to unpack and compile it on their system before building DPDK: @@ -63,7 +63,7 @@ and the external crypto libraries supported by them: DPDK version Crypto library version ============= ================================ 16.11 - 19.11 LibSSO ZUC - 20.02+ Multi-buffer library 0.53 + 20.02+ Multi-buffer library 0.53 - 0.54 ============= ================================ diff --git a/doc/guides/rel_notes/release_20_05.rst b/doc/guides/rel_notes/release_20_05.rst index 82df72c2b4..0cb5dd1b99 100644 --- a/doc/guides/rel_notes/release_20_05.rst +++ b/doc/guides/rel_notes/release_20_05.rst @@ -155,6 +155,13 @@ New Features * Added support for intel-ipsec-mb version 0.54. +* **Updated the ZUC crypto PMD.** + + * Added support for intel-ipsec-mb version 0.54. + * Updated the PMD to support Multi-buffer ZUC-EIA3, + improving performance significantly, when using + intel-ipsec-mb version 0.54 + * **Added a new driver for Intel Foxville I225 devices.** Added the new ``igc`` net driver for Intel Foxville I225 devices. See the diff --git a/drivers/crypto/zuc/rte_zuc_pmd.c b/drivers/crypto/zuc/rte_zuc_pmd.c index 4598818735..df8d6f6bbf 100644 --- a/drivers/crypto/zuc/rte_zuc_pmd.c +++ b/drivers/crypto/zuc/rte_zuc_pmd.c @@ -237,12 +237,13 @@ process_zuc_hash_op(struct zuc_qp *qp, struct rte_crypto_op **ops, struct zuc_session **sessions, uint8_t num_ops) { - unsigned i; + unsigned int i; uint8_t processed_ops = 0; - uint8_t *src; - uint32_t *dst; - uint32_t length_in_bits; - uint8_t *iv; + uint8_t *src[ZUC_MAX_BURST]; + uint32_t *dst[ZUC_MAX_BURST]; + uint32_t length_in_bits[ZUC_MAX_BURST]; + uint8_t *iv[ZUC_MAX_BURST]; + const void *hash_keys[ZUC_MAX_BURST]; struct zuc_session *sess; for (i = 0; i < num_ops; i++) { @@ -255,33 +256,42 @@ process_zuc_hash_op(struct zuc_qp *qp, struct rte_crypto_op **ops, sess = sessions[i]; - length_in_bits = ops[i]->sym->auth.data.length; + length_in_bits[i] = ops[i]->sym->auth.data.length; - src = rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) + + src[i] = rte_pktmbuf_mtod(ops[i]->sym->m_src, uint8_t *) + (ops[i]->sym->auth.data.offset >> 3); - iv = rte_crypto_op_ctod_offset(ops[i], uint8_t *, + iv[i] = rte_crypto_op_ctod_offset(ops[i], uint8_t *, sess->auth_iv_offset); - if (sess->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) { - dst = (uint32_t *)qp->temp_digest; - - IMB_ZUC_EIA3_1_BUFFER(qp->mb_mgr, sess->pKey_hash, - iv, src, - length_in_bits, dst); - /* Verify digest. */ - if (memcmp(dst, ops[i]->sym->auth.digest.data, - ZUC_DIGEST_LENGTH) != 0) - ops[i]->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; - } else { - dst = (uint32_t *)ops[i]->sym->auth.digest.data; + hash_keys[i] = sess->pKey_hash; + if (sess->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) + dst[i] = (uint32_t *)qp->temp_digest; + else + dst[i] = (uint32_t *)ops[i]->sym->auth.digest.data; - IMB_ZUC_EIA3_1_BUFFER(qp->mb_mgr, sess->pKey_hash, - iv, src, - length_in_bits, dst); - } +#if IMB_VERSION_NUM < IMB_VERSION(0, 53, 3) + IMB_ZUC_EIA3_1_BUFFER(qp->mb_mgr, hash_keys[i], + iv[i], src[i], length_in_bits[i], dst[i]); +#endif processed_ops++; } +#if IMB_VERSION_NUM >= IMB_VERSION(0, 53, 3) + IMB_ZUC_EIA3_N_BUFFER(qp->mb_mgr, (const void **)hash_keys, + (const void * const *)iv, (const void * const *)src, + length_in_bits, dst, processed_ops); +#endif + + /* + * If tag needs to be verified, compare generated tag + * with attached tag + */ + for (i = 0; i < processed_ops; i++) + if (sessions[i]->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) + if (memcmp(dst[i], ops[i]->sym->auth.digest.data, + ZUC_DIGEST_LENGTH) != 0) + ops[i]->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; + return processed_ops; } -- 2.20.1