[dpdk-dev] [PATCH v2 1/3] crypto/zuc: use IPSec library

Pablo de Lara pablo.de.lara.guarch at intel.com
Mon Jan 13 12:40:23 CET 2020


Link against Intel IPSec Multi-buffer library, which
added support for ZUC-EEA3 and ZUC-EIA3 from version v0.53,
moving from libSSO ZUC library.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch at intel.com>
---
 devtools/test-build.sh                 |  6 ++--
 doc/guides/cryptodevs/zuc.rst          | 52 ++++++++++++++++++++--------------
 doc/guides/rel_notes/release_20_02.rst |  7 +++++
 drivers/crypto/zuc/Makefile            | 28 +++++++++++-------
 drivers/crypto/zuc/meson.build         | 24 ++++++++++++----
 drivers/crypto/zuc/rte_zuc_pmd.c       | 51 ++++++++++++++++++++++++---------
 drivers/crypto/zuc/rte_zuc_pmd_ops.c   |  2 ++
 drivers/crypto/zuc/zuc_pmd_private.h   |  6 +++-
 mk/rte.app.mk                          |  2 +-
 9 files changed, 120 insertions(+), 58 deletions(-)

diff --git a/devtools/test-build.sh b/devtools/test-build.sh
index be565a1..afa0748 100755
--- a/devtools/test-build.sh
+++ b/devtools/test-build.sh
@@ -29,7 +29,6 @@ default_path=$PATH
 # - LIBMUSDK_PATH
 # - LIBSSO_SNOW3G_PATH
 # - LIBSSO_KASUMI_PATH
-# - LIBSSO_ZUC_PATH
 . $(dirname $(readlink -f $0))/load-devel-config
 
 print_usage () {
@@ -123,7 +122,6 @@ reset_env ()
 	unset LIBMUSDK_PATH
 	unset LIBSSO_SNOW3G_PATH
 	unset LIBSSO_KASUMI_PATH
-	unset LIBSSO_ZUC_PATH
 	unset PQOS_INSTALL_PATH
 }
 
@@ -183,12 +181,12 @@ config () # <directory> <target> <options>
 		sed -ri=""       's,(PMD_AESNI_MB=)n,\1y,' $1/.config
 		test "$DPDK_DEP_IPSEC_MB" != y || \
 		sed -ri=""      's,(PMD_AESNI_GCM=)n,\1y,' $1/.config
+		test "$DPDK_DEP_IPSEC_MB" != y || \
+		sed -ri=""            's,(PMD_ZUC=)n,\1y,' $1/.config
 		test -z "$LIBSSO_SNOW3G_PATH" || \
 		sed -ri=""         's,(PMD_SNOW3G=)n,\1y,' $1/.config
 		test -z "$LIBSSO_KASUMI_PATH" || \
 		sed -ri=""         's,(PMD_KASUMI=)n,\1y,' $1/.config
-		test -z "$LIBSSO_ZUC_PATH" || \
-		sed -ri=""            's,(PMD_ZUC=)n,\1y,' $1/.config
 		test "$DPDK_DEP_SSL" != y || \
 		sed -ri=""            's,(PMD_CCP=)n,\1y,' $1/.config
 		test "$DPDK_DEP_SSL" != y || \
diff --git a/doc/guides/cryptodevs/zuc.rst b/doc/guides/cryptodevs/zuc.rst
index 002e986..23d618d 100644
--- a/doc/guides/cryptodevs/zuc.rst
+++ b/doc/guides/cryptodevs/zuc.rst
@@ -1,12 +1,12 @@
 ..  SPDX-License-Identifier: BSD-3-Clause
-    Copyright(c) 2016 Intel Corporation.
+    Copyright(c) 2016-2019 Intel Corporation.
 
 ZUC Crypto Poll Mode Driver
 ===========================
 
-The ZUC PMD (**librte_pmd_zuc**) provides poll mode crypto driver
-support for utilizing Intel Libsso library, which implements F8 and F9 functions
-for ZUC EEA3 cipher and EIA3 hash algorithms.
+The ZUC PMD (**librte_pmd_zuc**) provides poll mode crypto driver support for
+utilizing `Intel IPSec Multi-buffer library <https://github.com/01org/intel-ipsec-mb>`_
+which implements F8 and F9 functions for ZUC EEA3 cipher and EIA3 hash algorithms.
 
 Features
 --------
@@ -27,36 +27,46 @@ Limitations
 * Chained mbufs are not supported.
 * ZUC (EIA3) supported only if hash offset field is byte-aligned.
 * ZUC (EEA3) supported only if cipher length, cipher offset fields are byte-aligned.
-* ZUC PMD cannot be built as a shared library, due to limitations in
-  the underlying library.
 
 
 Installation
 ------------
 
-To build DPDK with the ZUC_PMD the user is required to download
-the export controlled ``libsso_zuc`` library, by registering in
-`Intel Resource & Design Center <https://www.intel.com/content/www/us/en/design/resource-design-center.html>`_.
-Once approval has been granted, the user needs to search for
-*ZUC 128-EAA3 and 128-EIA3 3GPP cryptographic algorithms Software Library* to download the
-library or directly through this `link <https://cdrdv2.intel.com/v1/dl/getContent/575868>`_.
+To build DPDK with the ZUC_PMD the user is required to download the multi-buffer
+library from `here <https://github.com/01org/intel-ipsec-mb>`_
+and compile it on their user system before building DPDK.
+The latest version of the library supported by this PMD is v0.53, which
+can be downloaded from `<https://github.com/01org/intel-ipsec-mb/archive/v0.53.zip>`_.
+
 After downloading the library, the user needs to unpack and compile it
-on their system before building DPDK::
+on their system before building DPDK:
+
+.. code-block:: console
+
+    make
+    make install
+
+As a reference, the following table shows a mapping between the past DPDK versions
+and the external crypto libraries supported by them:
+
+.. _table_zuc_versions:
+
+.. table:: DPDK and external crypto library version compatibility
+
+   =============  ================================
+   DPDK version   Crypto library version
+   =============  ================================
+   16.11 - 19.11  LibSSO ZUC
+   20.02+         Multi-buffer library 0.53
+   =============  ================================
 
-   make
 
 Initialization
 --------------
 
 In order to enable this virtual crypto PMD, user must:
 
-* Export the environmental variable LIBSSO_ZUC_PATH with the path where
-  the library was extracted (zuc folder).
-
-* Export the environmental variable LD_LIBRARY_PATH with the path
-  where the built libsso library is (LIBSSO_ZUC_PATH/build).
-
-* Build the LIBSSO_ZUC library (explained in Installation section).
+* Build the multi buffer library (explained in Installation section).
 
 * Build DPDK as follows:
 
diff --git a/doc/guides/rel_notes/release_20_02.rst b/doc/guides/rel_notes/release_20_02.rst
index 0eaa45a..4216e0b 100644
--- a/doc/guides/rel_notes/release_20_02.rst
+++ b/doc/guides/rel_notes/release_20_02.rst
@@ -56,6 +56,13 @@ New Features
      Also, make sure to start the actual text at the margin.
      =========================================================
 
+* **Updated the ZUC PMD.**
+
+  * Transistioned underlying library from libSSO ZUC to intel-ipsec-mb
+    library (minimum version required 0.53).
+  * Removed dynamic library limitation, so PMD can be built as a shared
+    object now.
+
 
 Removed Items
 -------------
diff --git a/drivers/crypto/zuc/Makefile b/drivers/crypto/zuc/Makefile
index a01bb6e..b50883b 100644
--- a/drivers/crypto/zuc/Makefile
+++ b/drivers/crypto/zuc/Makefile
@@ -1,14 +1,8 @@
 # SPDX-License-Identifier: BSD-3-Clause
-# Copyright(c) 2016 Intel Corporation
+# Copyright(c) 2016-2019 Intel Corporation
 
 include $(RTE_SDK)/mk/rte.vars.mk
 
-ifneq ($(MAKECMDGOALS),clean)
-ifeq ($(LIBSSO_ZUC_PATH),)
-$(error "Please define LIBSSO_ZUC_PATH environment variable")
-endif
-endif
-
 # library name
 LIB = librte_pmd_zuc.a
 
@@ -21,14 +15,26 @@ CFLAGS += -DALLOW_EXPERIMENTAL_API
 EXPORT_MAP := rte_pmd_zuc_version.map
 
 # external library dependencies
-CFLAGS += -I$(LIBSSO_ZUC_PATH)
-CFLAGS += -I$(LIBSSO_ZUC_PATH)/include
-CFLAGS += -I$(LIBSSO_ZUC_PATH)/build
-LDLIBS += -L$(LIBSSO_ZUC_PATH)/build -lsso_zuc
+LDLIBS += -lIPSec_MB
 LDLIBS += -lrte_eal -lrte_mbuf -lrte_mempool -lrte_ring
 LDLIBS += -lrte_cryptodev
 LDLIBS += -lrte_bus_vdev
 
+IMB_HDR = $(shell echo '\#include <intel-ipsec-mb.h>' | \
+	$(CC) -E $(EXTRA_CFLAGS) - | grep 'intel-ipsec-mb.h' | \
+	head -n1 | cut -d'"' -f2)
+
+# Detect library version
+IMB_VERSION = $(shell grep -e "IMB_VERSION_STR" $(IMB_HDR) | cut -d'"' -f2)
+IMB_VERSION_NUM = $(shell grep -e "IMB_VERSION_NUM" $(IMB_HDR) | cut -d' ' -f3)
+
+ifeq ($(IMB_VERSION),)
+$(error "IPSec_MB version >= 0.53 is required")
+endif
+
+ifeq ($(shell expr $(IMB_VERSION_NUM) \< 0x3400), 1)
+$(error "IPSec_MB version >= 0.53 is required")
+endif
 # library source files
 SRCS-$(CONFIG_RTE_LIBRTE_PMD_ZUC) += rte_zuc_pmd.c
 SRCS-$(CONFIG_RTE_LIBRTE_PMD_ZUC) += rte_zuc_pmd_ops.c
diff --git a/drivers/crypto/zuc/meson.build b/drivers/crypto/zuc/meson.build
index b231de0..b7098a3 100644
--- a/drivers/crypto/zuc/meson.build
+++ b/drivers/crypto/zuc/meson.build
@@ -1,14 +1,26 @@
 # SPDX-License-Identifier: BSD-3-Clause
-# Copyright(c) 2018 Intel Corporation
+# Copyright(c) 2018-2019 Intel Corporation
 
-lib = cc.find_library('sso_zuc', required: false)
-if not lib.found() or not cc.has_header('sso_zuc.h')
+IMB_required_ver = '0.53.0'
+lib = cc.find_library('IPSec_MB', required: false)
+if not lib.found()
 	build = false
-	reason = 'missing dependency, "libsso_zuc"'
-	subdir_done()
+	reason = 'missing dependency, "libIPSec_MB"'
+else
+	ext_deps += lib
+
+	# version comes with quotes, so we split based on " and take the middle
+	imb_ver = cc.get_define('IMB_VERSION_STR',
+		prefix : '#include<intel-ipsec-mb.h>').split('"')[1]
+
+	if (imb_ver == '') or (imb_ver.version_compare('<' + IMB_required_ver))
+		message('IPSec_MB version >= @0@ is required, found version @1@'.format(
+				IMB_required_ver, imb_ver))
+		build = false
+	endif
+
 endif
 
 allow_experimental_apis = true
-ext_deps += lib
 sources = files('rte_zuc_pmd.c', 'rte_zuc_pmd_ops.c')
 deps += ['bus_vdev']
diff --git a/drivers/crypto/zuc/rte_zuc_pmd.c b/drivers/crypto/zuc/rte_zuc_pmd.c
index 8e214cd..cdd6220 100644
--- a/drivers/crypto/zuc/rte_zuc_pmd.c
+++ b/drivers/crypto/zuc/rte_zuc_pmd.c
@@ -11,7 +11,7 @@
 #include <rte_cpuflags.h>
 
 #include "zuc_pmd_private.h"
-#define ZUC_MAX_BURST 4
+#define ZUC_MAX_BURST 16
 #define BYTE_LEN 8
 
 static uint8_t cryptodev_driver_id;
@@ -170,7 +170,7 @@ zuc_get_session(struct zuc_qp *qp, struct rte_crypto_op *op)
 
 /** Encrypt/decrypt mbufs. */
 static uint8_t
-process_zuc_cipher_op(struct rte_crypto_op **ops,
+process_zuc_cipher_op(struct zuc_qp *qp, struct rte_crypto_op **ops,
 		struct zuc_session **sessions,
 		uint8_t num_ops)
 {
@@ -222,7 +222,8 @@ process_zuc_cipher_op(struct rte_crypto_op **ops,
 		processed_ops++;
 	}
 
-	sso_zuc_eea3_n_buffer(cipher_keys, iv, src, dst,
+	IMB_ZUC_EEA3_N_BUFFER(qp->mb_mgr, (const void **)cipher_keys,
+			(const void **)iv, (const void **)src, (void **)dst,
 			num_bytes, processed_ops);
 
 	return processed_ops;
@@ -262,7 +263,7 @@ process_zuc_hash_op(struct zuc_qp *qp, struct rte_crypto_op **ops,
 		if (sess->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) {
 			dst = (uint32_t *)qp->temp_digest;
 
-			sso_zuc_eia3_1_buffer(sess->pKey_hash,
+			IMB_ZUC_EIA3_1_BUFFER(qp->mb_mgr, sess->pKey_hash,
 					iv, src,
 					length_in_bits,	dst);
 			/* Verify digest. */
@@ -272,7 +273,7 @@ process_zuc_hash_op(struct zuc_qp *qp, struct rte_crypto_op **ops,
 		} else  {
 			dst = (uint32_t *)ops[i]->sym->auth.digest.data;
 
-			sso_zuc_eia3_1_buffer(sess->pKey_hash,
+			IMB_ZUC_EIA3_1_BUFFER(qp->mb_mgr, sess->pKey_hash,
 					iv, src,
 					length_in_bits, dst);
 		}
@@ -294,7 +295,7 @@ process_ops(struct rte_crypto_op **ops, enum zuc_operation op_type,
 
 	switch (op_type) {
 	case ZUC_OP_ONLY_CIPHER:
-		processed_ops = process_zuc_cipher_op(ops,
+		processed_ops = process_zuc_cipher_op(qp, ops,
 				sessions, num_ops);
 		break;
 	case ZUC_OP_ONLY_AUTH:
@@ -302,14 +303,14 @@ process_ops(struct rte_crypto_op **ops, enum zuc_operation op_type,
 				num_ops);
 		break;
 	case ZUC_OP_CIPHER_AUTH:
-		processed_ops = process_zuc_cipher_op(ops, sessions,
+		processed_ops = process_zuc_cipher_op(qp, ops, sessions,
 				num_ops);
 		process_zuc_hash_op(qp, ops, sessions, processed_ops);
 		break;
 	case ZUC_OP_AUTH_CIPHER:
 		processed_ops = process_zuc_hash_op(qp, ops, sessions,
 				num_ops);
-		process_zuc_cipher_op(ops, sessions, processed_ops);
+		process_zuc_cipher_op(qp, ops, sessions, processed_ops);
 		break;
 	default:
 		/* Operation not supported. */
@@ -457,8 +458,7 @@ cryptodev_zuc_create(const char *name,
 {
 	struct rte_cryptodev *dev;
 	struct zuc_private *internals;
-	uint64_t cpu_flags = RTE_CRYPTODEV_FF_CPU_SSE;
-
+	MB_MGR *mb_mgr;
 
 	dev = rte_cryptodev_pmd_create(name, &vdev->device, init_params);
 	if (dev == NULL) {
@@ -466,6 +466,27 @@ cryptodev_zuc_create(const char *name,
 		goto init_error;
 	}
 
+	dev->feature_flags = RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO |
+			RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING;
+
+	mb_mgr = alloc_mb_mgr(0);
+	if (mb_mgr == NULL)
+		return -ENOMEM;
+
+	if (rte_cpu_get_flag_enabled(RTE_CPUFLAG_AVX512F)) {
+		dev->feature_flags |= RTE_CRYPTODEV_FF_CPU_AVX512;
+		init_mb_mgr_avx512(mb_mgr);
+	} else if (rte_cpu_get_flag_enabled(RTE_CPUFLAG_AVX2)) {
+		dev->feature_flags |= RTE_CRYPTODEV_FF_CPU_AVX2;
+		init_mb_mgr_avx2(mb_mgr);
+	} else if (rte_cpu_get_flag_enabled(RTE_CPUFLAG_AVX)) {
+		dev->feature_flags |= RTE_CRYPTODEV_FF_CPU_AVX;
+		init_mb_mgr_avx(mb_mgr);
+	} else {
+		dev->feature_flags |= RTE_CRYPTODEV_FF_CPU_SSE;
+		init_mb_mgr_sse(mb_mgr);
+	}
+
 	dev->driver_id = cryptodev_driver_id;
 	dev->dev_ops = rte_zuc_pmd_ops;
 
@@ -473,11 +494,8 @@ cryptodev_zuc_create(const char *name,
 	dev->dequeue_burst = zuc_pmd_dequeue_burst;
 	dev->enqueue_burst = zuc_pmd_enqueue_burst;
 
-	dev->feature_flags = RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO |
-			RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING |
-			cpu_flags;
-
 	internals = dev->data->dev_private;
+	internals->mb_mgr = mb_mgr;
 
 	internals->max_nb_queue_pairs = init_params->max_nb_queue_pairs;
 
@@ -518,6 +536,7 @@ cryptodev_zuc_remove(struct rte_vdev_device *vdev)
 
 	struct rte_cryptodev *cryptodev;
 	const char *name;
+	struct zuc_private *internals;
 
 	name = rte_vdev_device_name(vdev);
 	if (name == NULL)
@@ -527,6 +546,10 @@ cryptodev_zuc_remove(struct rte_vdev_device *vdev)
 	if (cryptodev == NULL)
 		return -ENODEV;
 
+	internals = cryptodev->data->dev_private;
+
+	free_mb_mgr(internals->mb_mgr);
+
 	return rte_cryptodev_pmd_destroy(cryptodev);
 }
 
diff --git a/drivers/crypto/zuc/rte_zuc_pmd_ops.c b/drivers/crypto/zuc/rte_zuc_pmd_ops.c
index 62f8c6c..ddd0f92 100644
--- a/drivers/crypto/zuc/rte_zuc_pmd_ops.c
+++ b/drivers/crypto/zuc/rte_zuc_pmd_ops.c
@@ -201,6 +201,7 @@ zuc_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 		int socket_id)
 {
 	struct zuc_qp *qp = NULL;
+	struct zuc_private *internals = dev->data->dev_private;
 
 	/* Free memory prior to re-allocation if needed. */
 	if (dev->data->queue_pairs[qp_id] != NULL)
@@ -223,6 +224,7 @@ zuc_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
 	if (qp->processed_ops == NULL)
 		goto qp_setup_cleanup;
 
+	qp->mb_mgr = internals->mb_mgr;
 	qp->sess_mp = qp_conf->mp_session;
 	qp->sess_mp_priv = qp_conf->mp_session_private;
 
diff --git a/drivers/crypto/zuc/zuc_pmd_private.h b/drivers/crypto/zuc/zuc_pmd_private.h
index 428efd4..47a8b08 100644
--- a/drivers/crypto/zuc/zuc_pmd_private.h
+++ b/drivers/crypto/zuc/zuc_pmd_private.h
@@ -5,7 +5,7 @@
 #ifndef _ZUC_PMD_PRIVATE_H_
 #define _ZUC_PMD_PRIVATE_H_
 
-#include <sso_zuc.h>
+#include <intel-ipsec-mb.h>
 
 #define CRYPTODEV_NAME_ZUC_PMD		crypto_zuc
 /**< KASUMI PMD device name */
@@ -24,6 +24,8 @@ int zuc_logtype_driver;
 struct zuc_private {
 	unsigned max_nb_queue_pairs;
 	/**< Max number of queue pairs supported by device */
+	MB_MGR *mb_mgr;
+	/**< Multi-buffer instance */
 };
 
 /** ZUC buffer queue pair */
@@ -45,6 +47,8 @@ struct zuc_qp {
 	 * by the driver when verifying a digest provided
 	 * by the user (using authentication verify operation)
 	 */
+	MB_MGR *mb_mgr;
+	/**< Multi-buffer instance */
 } __rte_cache_aligned;
 
 enum zuc_operation {
diff --git a/mk/rte.app.mk b/mk/rte.app.mk
index 05ea034..62724cc 100644
--- a/mk/rte.app.mk
+++ b/mk/rte.app.mk
@@ -272,7 +272,7 @@ _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_SNOW3G)      += -L$(LIBSSO_SNOW3G_PATH)/build -l
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_KASUMI)      += -lrte_pmd_kasumi
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_KASUMI)      += -L$(LIBSSO_KASUMI_PATH)/build -lsso_kasumi
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ZUC)         += -lrte_pmd_zuc
-_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ZUC)         += -L$(LIBSSO_ZUC_PATH)/build -lsso_zuc
+_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ZUC)         += -lIPSec_MB
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ARMV8_CRYPTO)    += -lrte_pmd_armv8
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ARMV8_CRYPTO)    += -L$(ARMV8_CRYPTO_LIB_PATH) -larmv8_crypto
 _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_MVSAM_CRYPTO) += -L$(LIBMUSDK_PATH)/lib -lrte_pmd_mvsam_crypto -lmusdk
-- 
2.7.5



More information about the dev mailing list