crypto/zuc: use IPsec library
Link against Intel IPsec Multi-buffer library, which added support for ZUC-EEA3 and ZUC-EIA3 from version v0.53, moving from libSSO ZUC library. Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
This commit is contained in:
parent
c6420a3632
commit
61f7c988e3
@ -31,7 +31,6 @@ default_path=$PATH
|
||||
# - LIBMUSDK_PATH
|
||||
# - LIBSSO_SNOW3G_PATH
|
||||
# - LIBSSO_KASUMI_PATH
|
||||
# - LIBSSO_ZUC_PATH
|
||||
devtools_dir=$(dirname $(readlink -f $0))
|
||||
. $devtools_dir/load-devel-config
|
||||
|
||||
@ -127,7 +126,6 @@ reset_env ()
|
||||
unset LIBMUSDK_PATH
|
||||
unset LIBSSO_SNOW3G_PATH
|
||||
unset LIBSSO_KASUMI_PATH
|
||||
unset LIBSSO_ZUC_PATH
|
||||
unset PQOS_INSTALL_PATH
|
||||
}
|
||||
|
||||
@ -187,12 +185,12 @@ config () # <directory> <target> <options>
|
||||
sed -ri="" 's,(PMD_AESNI_MB=)n,\1y,' $1/.config
|
||||
test "$DPDK_DEP_IPSEC_MB" != y || \
|
||||
sed -ri="" 's,(PMD_AESNI_GCM=)n,\1y,' $1/.config
|
||||
test "$DPDK_DEP_IPSEC_MB" != y || \
|
||||
sed -ri="" 's,(PMD_ZUC=)n,\1y,' $1/.config
|
||||
test -z "$LIBSSO_SNOW3G_PATH" || \
|
||||
sed -ri="" 's,(PMD_SNOW3G=)n,\1y,' $1/.config
|
||||
test -z "$LIBSSO_KASUMI_PATH" || \
|
||||
sed -ri="" 's,(PMD_KASUMI=)n,\1y,' $1/.config
|
||||
test -z "$LIBSSO_ZUC_PATH" || \
|
||||
sed -ri="" 's,(PMD_ZUC=)n,\1y,' $1/.config
|
||||
test "$DPDK_DEP_SSL" != y || \
|
||||
sed -ri="" 's,(PMD_CCP=)n,\1y,' $1/.config
|
||||
test "$DPDK_DEP_SSL" != y || \
|
||||
|
@ -1,12 +1,12 @@
|
||||
.. SPDX-License-Identifier: BSD-3-Clause
|
||||
Copyright(c) 2016 Intel Corporation.
|
||||
Copyright(c) 2016-2019 Intel Corporation.
|
||||
|
||||
ZUC Crypto Poll Mode Driver
|
||||
===========================
|
||||
|
||||
The ZUC PMD (**librte_pmd_zuc**) provides poll mode crypto driver
|
||||
support for utilizing Intel Libsso library, which implements F8 and F9 functions
|
||||
for ZUC EEA3 cipher and EIA3 hash algorithms.
|
||||
The ZUC PMD (**librte_pmd_zuc**) provides poll mode crypto driver support for
|
||||
utilizing `Intel IPSec Multi-buffer library <https://github.com/01org/intel-ipsec-mb>`_
|
||||
which implements F8 and F9 functions for ZUC EEA3 cipher and EIA3 hash algorithms.
|
||||
|
||||
Features
|
||||
--------
|
||||
@ -27,36 +27,46 @@ Limitations
|
||||
* Chained mbufs are not supported.
|
||||
* ZUC (EIA3) supported only if hash offset field is byte-aligned.
|
||||
* ZUC (EEA3) supported only if cipher length, cipher offset fields are byte-aligned.
|
||||
* ZUC PMD cannot be built as a shared library, due to limitations in
|
||||
the underlying library.
|
||||
|
||||
|
||||
Installation
|
||||
------------
|
||||
|
||||
To build DPDK with the ZUC_PMD the user is required to download
|
||||
the export controlled ``libsso_zuc`` library, by registering in
|
||||
`Intel Resource & Design Center <https://www.intel.com/content/www/us/en/design/resource-design-center.html>`_.
|
||||
Once approval has been granted, the user needs to search for
|
||||
*ZUC 128-EAA3 and 128-EIA3 3GPP cryptographic algorithms Software Library* to download the
|
||||
library or directly through this `link <https://cdrdv2.intel.com/v1/dl/getContent/575868>`_.
|
||||
After downloading the library, the user needs to unpack and compile it
|
||||
on their system before building DPDK::
|
||||
To build DPDK with the ZUC_PMD the user is required to download the multi-buffer
|
||||
library from `here <https://github.com/01org/intel-ipsec-mb>`_
|
||||
and compile it on their user system before building DPDK.
|
||||
The latest version of the library supported by this PMD is v0.53, which
|
||||
can be downloaded from `<https://github.com/01org/intel-ipsec-mb/archive/v0.53.zip>`_.
|
||||
|
||||
After downloading the library, the user needs to unpack and compile it
|
||||
on their system before building DPDK:
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
make
|
||||
make install
|
||||
|
||||
As a reference, the following table shows a mapping between the past DPDK versions
|
||||
and the external crypto libraries supported by them:
|
||||
|
||||
.. _table_zuc_versions:
|
||||
|
||||
.. table:: DPDK and external crypto library version compatibility
|
||||
|
||||
============= ================================
|
||||
DPDK version Crypto library version
|
||||
============= ================================
|
||||
16.11 - 19.11 LibSSO ZUC
|
||||
20.02+ Multi-buffer library 0.53
|
||||
============= ================================
|
||||
|
||||
make
|
||||
|
||||
Initialization
|
||||
--------------
|
||||
|
||||
In order to enable this virtual crypto PMD, user must:
|
||||
|
||||
* Export the environmental variable LIBSSO_ZUC_PATH with the path where
|
||||
the library was extracted (zuc folder).
|
||||
|
||||
* Export the environmental variable LD_LIBRARY_PATH with the path
|
||||
where the built libsso library is (LIBSSO_ZUC_PATH/build).
|
||||
|
||||
* Build the LIBSSO_ZUC library (explained in Installation section).
|
||||
* Build the multi buffer library (explained in Installation section).
|
||||
|
||||
* Build DPDK as follows:
|
||||
|
||||
|
@ -138,6 +138,13 @@ New Features
|
||||
Such algorithm combinations are not supported on GEN1/GEN2 hardware
|
||||
and executing the request returns RTE_CRYPTO_OP_STATUS_INVALID_SESSION.
|
||||
|
||||
* **Updated the ZUC PMD.**
|
||||
|
||||
* Transistioned underlying library from libSSO ZUC to intel-ipsec-mb
|
||||
library (minimum version required 0.53).
|
||||
* Removed dynamic library limitation, so PMD can be built as a shared
|
||||
object now.
|
||||
|
||||
* **Added Marvell OCTEON TX2 End Point rawdev PMD.**
|
||||
|
||||
Added a new OCTEON TX2 rawdev PMD for End Point mode of operation.
|
||||
|
@ -1,14 +1,8 @@
|
||||
# SPDX-License-Identifier: BSD-3-Clause
|
||||
# Copyright(c) 2016 Intel Corporation
|
||||
# Copyright(c) 2016-2019 Intel Corporation
|
||||
|
||||
include $(RTE_SDK)/mk/rte.vars.mk
|
||||
|
||||
ifneq ($(MAKECMDGOALS),clean)
|
||||
ifeq ($(LIBSSO_ZUC_PATH),)
|
||||
$(error "Please define LIBSSO_ZUC_PATH environment variable")
|
||||
endif
|
||||
endif
|
||||
|
||||
# library name
|
||||
LIB = librte_pmd_zuc.a
|
||||
|
||||
@ -21,14 +15,26 @@ CFLAGS += -DALLOW_EXPERIMENTAL_API
|
||||
EXPORT_MAP := rte_pmd_zuc_version.map
|
||||
|
||||
# external library dependencies
|
||||
CFLAGS += -I$(LIBSSO_ZUC_PATH)
|
||||
CFLAGS += -I$(LIBSSO_ZUC_PATH)/include
|
||||
CFLAGS += -I$(LIBSSO_ZUC_PATH)/build
|
||||
LDLIBS += -L$(LIBSSO_ZUC_PATH)/build -lsso_zuc
|
||||
LDLIBS += -lIPSec_MB
|
||||
LDLIBS += -lrte_eal -lrte_mbuf -lrte_mempool -lrte_ring
|
||||
LDLIBS += -lrte_cryptodev
|
||||
LDLIBS += -lrte_bus_vdev
|
||||
|
||||
IMB_HDR = $(shell echo '\#include <intel-ipsec-mb.h>' | \
|
||||
$(CC) -E $(EXTRA_CFLAGS) - | grep 'intel-ipsec-mb.h' | \
|
||||
head -n1 | cut -d'"' -f2)
|
||||
|
||||
# Detect library version
|
||||
IMB_VERSION = $(shell grep -e "IMB_VERSION_STR" $(IMB_HDR) | cut -d'"' -f2)
|
||||
IMB_VERSION_NUM = $(shell grep -e "IMB_VERSION_NUM" $(IMB_HDR) | cut -d' ' -f3)
|
||||
|
||||
ifeq ($(IMB_VERSION),)
|
||||
$(error "IPSec_MB version >= 0.53 is required")
|
||||
endif
|
||||
|
||||
ifeq ($(shell expr $(IMB_VERSION_NUM) \< 0x3400), 1)
|
||||
$(error "IPSec_MB version >= 0.53 is required")
|
||||
endif
|
||||
# library source files
|
||||
SRCS-$(CONFIG_RTE_LIBRTE_PMD_ZUC) += rte_zuc_pmd.c
|
||||
SRCS-$(CONFIG_RTE_LIBRTE_PMD_ZUC) += rte_zuc_pmd_ops.c
|
||||
|
@ -1,11 +1,22 @@
|
||||
# SPDX-License-Identifier: BSD-3-Clause
|
||||
# Copyright(c) 2018 Intel Corporation
|
||||
# Copyright(c) 2018-2020 Intel Corporation
|
||||
|
||||
lib = cc.find_library('sso_zuc', required: false)
|
||||
if not lib.found() or not cc.has_header('sso_zuc.h')
|
||||
IMB_required_ver = '0.53.0'
|
||||
lib = cc.find_library('IPSec_MB', required: false)
|
||||
if not lib.found()
|
||||
build = false
|
||||
reason = 'missing dependency, "libsso_zuc"'
|
||||
subdir_done()
|
||||
reason = 'missing dependency, "libIPSec_MB"'
|
||||
else
|
||||
# version comes with quotes, so we split based on " and take the middle
|
||||
imb_ver = cc.get_define('IMB_VERSION_STR',
|
||||
prefix : '#include<intel-ipsec-mb.h>').split('"')[1]
|
||||
|
||||
if (imb_ver == '') or (imb_ver.version_compare('<' + IMB_required_ver))
|
||||
reason = 'IPSec_MB version >= @0@ is required, found version @1@'.format(
|
||||
IMB_required_ver, imb_ver)
|
||||
build = false
|
||||
endif
|
||||
|
||||
endif
|
||||
|
||||
allow_experimental_apis = true
|
||||
|
@ -11,7 +11,7 @@
|
||||
#include <rte_cpuflags.h>
|
||||
|
||||
#include "zuc_pmd_private.h"
|
||||
#define ZUC_MAX_BURST 4
|
||||
#define ZUC_MAX_BURST 16
|
||||
#define BYTE_LEN 8
|
||||
|
||||
static uint8_t cryptodev_driver_id;
|
||||
@ -170,16 +170,17 @@ zuc_get_session(struct zuc_qp *qp, struct rte_crypto_op *op)
|
||||
|
||||
/** Encrypt/decrypt mbufs. */
|
||||
static uint8_t
|
||||
process_zuc_cipher_op(struct rte_crypto_op **ops,
|
||||
process_zuc_cipher_op(struct zuc_qp *qp, struct rte_crypto_op **ops,
|
||||
struct zuc_session **sessions,
|
||||
uint8_t num_ops)
|
||||
{
|
||||
unsigned i;
|
||||
uint8_t processed_ops = 0;
|
||||
uint8_t *src[ZUC_MAX_BURST], *dst[ZUC_MAX_BURST];
|
||||
uint8_t *iv[ZUC_MAX_BURST];
|
||||
const void *src[ZUC_MAX_BURST];
|
||||
void *dst[ZUC_MAX_BURST];
|
||||
const void *iv[ZUC_MAX_BURST];
|
||||
uint32_t num_bytes[ZUC_MAX_BURST];
|
||||
uint8_t *cipher_keys[ZUC_MAX_BURST];
|
||||
const void *cipher_keys[ZUC_MAX_BURST];
|
||||
struct zuc_session *sess;
|
||||
|
||||
for (i = 0; i < num_ops; i++) {
|
||||
@ -222,7 +223,8 @@ process_zuc_cipher_op(struct rte_crypto_op **ops,
|
||||
processed_ops++;
|
||||
}
|
||||
|
||||
sso_zuc_eea3_n_buffer(cipher_keys, iv, src, dst,
|
||||
IMB_ZUC_EEA3_N_BUFFER(qp->mb_mgr, (const void **)cipher_keys,
|
||||
(const void **)iv, (const void **)src, (void **)dst,
|
||||
num_bytes, processed_ops);
|
||||
|
||||
return processed_ops;
|
||||
@ -262,7 +264,7 @@ process_zuc_hash_op(struct zuc_qp *qp, struct rte_crypto_op **ops,
|
||||
if (sess->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) {
|
||||
dst = (uint32_t *)qp->temp_digest;
|
||||
|
||||
sso_zuc_eia3_1_buffer(sess->pKey_hash,
|
||||
IMB_ZUC_EIA3_1_BUFFER(qp->mb_mgr, sess->pKey_hash,
|
||||
iv, src,
|
||||
length_in_bits, dst);
|
||||
/* Verify digest. */
|
||||
@ -272,7 +274,7 @@ process_zuc_hash_op(struct zuc_qp *qp, struct rte_crypto_op **ops,
|
||||
} else {
|
||||
dst = (uint32_t *)ops[i]->sym->auth.digest.data;
|
||||
|
||||
sso_zuc_eia3_1_buffer(sess->pKey_hash,
|
||||
IMB_ZUC_EIA3_1_BUFFER(qp->mb_mgr, sess->pKey_hash,
|
||||
iv, src,
|
||||
length_in_bits, dst);
|
||||
}
|
||||
@ -294,7 +296,7 @@ process_ops(struct rte_crypto_op **ops, enum zuc_operation op_type,
|
||||
|
||||
switch (op_type) {
|
||||
case ZUC_OP_ONLY_CIPHER:
|
||||
processed_ops = process_zuc_cipher_op(ops,
|
||||
processed_ops = process_zuc_cipher_op(qp, ops,
|
||||
sessions, num_ops);
|
||||
break;
|
||||
case ZUC_OP_ONLY_AUTH:
|
||||
@ -302,14 +304,14 @@ process_ops(struct rte_crypto_op **ops, enum zuc_operation op_type,
|
||||
num_ops);
|
||||
break;
|
||||
case ZUC_OP_CIPHER_AUTH:
|
||||
processed_ops = process_zuc_cipher_op(ops, sessions,
|
||||
processed_ops = process_zuc_cipher_op(qp, ops, sessions,
|
||||
num_ops);
|
||||
process_zuc_hash_op(qp, ops, sessions, processed_ops);
|
||||
break;
|
||||
case ZUC_OP_AUTH_CIPHER:
|
||||
processed_ops = process_zuc_hash_op(qp, ops, sessions,
|
||||
num_ops);
|
||||
process_zuc_cipher_op(ops, sessions, processed_ops);
|
||||
process_zuc_cipher_op(qp, ops, sessions, processed_ops);
|
||||
break;
|
||||
default:
|
||||
/* Operation not supported. */
|
||||
@ -457,8 +459,7 @@ cryptodev_zuc_create(const char *name,
|
||||
{
|
||||
struct rte_cryptodev *dev;
|
||||
struct zuc_private *internals;
|
||||
uint64_t cpu_flags = RTE_CRYPTODEV_FF_CPU_SSE;
|
||||
|
||||
MB_MGR *mb_mgr;
|
||||
|
||||
dev = rte_cryptodev_pmd_create(name, &vdev->device, init_params);
|
||||
if (dev == NULL) {
|
||||
@ -466,6 +467,27 @@ cryptodev_zuc_create(const char *name,
|
||||
goto init_error;
|
||||
}
|
||||
|
||||
dev->feature_flags = RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO |
|
||||
RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING;
|
||||
|
||||
mb_mgr = alloc_mb_mgr(0);
|
||||
if (mb_mgr == NULL)
|
||||
return -ENOMEM;
|
||||
|
||||
if (rte_cpu_get_flag_enabled(RTE_CPUFLAG_AVX512F)) {
|
||||
dev->feature_flags |= RTE_CRYPTODEV_FF_CPU_AVX512;
|
||||
init_mb_mgr_avx512(mb_mgr);
|
||||
} else if (rte_cpu_get_flag_enabled(RTE_CPUFLAG_AVX2)) {
|
||||
dev->feature_flags |= RTE_CRYPTODEV_FF_CPU_AVX2;
|
||||
init_mb_mgr_avx2(mb_mgr);
|
||||
} else if (rte_cpu_get_flag_enabled(RTE_CPUFLAG_AVX)) {
|
||||
dev->feature_flags |= RTE_CRYPTODEV_FF_CPU_AVX;
|
||||
init_mb_mgr_avx(mb_mgr);
|
||||
} else {
|
||||
dev->feature_flags |= RTE_CRYPTODEV_FF_CPU_SSE;
|
||||
init_mb_mgr_sse(mb_mgr);
|
||||
}
|
||||
|
||||
dev->driver_id = cryptodev_driver_id;
|
||||
dev->dev_ops = rte_zuc_pmd_ops;
|
||||
|
||||
@ -473,11 +495,8 @@ cryptodev_zuc_create(const char *name,
|
||||
dev->dequeue_burst = zuc_pmd_dequeue_burst;
|
||||
dev->enqueue_burst = zuc_pmd_enqueue_burst;
|
||||
|
||||
dev->feature_flags = RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO |
|
||||
RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING |
|
||||
cpu_flags;
|
||||
|
||||
internals = dev->data->dev_private;
|
||||
internals->mb_mgr = mb_mgr;
|
||||
|
||||
internals->max_nb_queue_pairs = init_params->max_nb_queue_pairs;
|
||||
|
||||
@ -518,6 +537,7 @@ cryptodev_zuc_remove(struct rte_vdev_device *vdev)
|
||||
|
||||
struct rte_cryptodev *cryptodev;
|
||||
const char *name;
|
||||
struct zuc_private *internals;
|
||||
|
||||
name = rte_vdev_device_name(vdev);
|
||||
if (name == NULL)
|
||||
@ -527,6 +547,10 @@ cryptodev_zuc_remove(struct rte_vdev_device *vdev)
|
||||
if (cryptodev == NULL)
|
||||
return -ENODEV;
|
||||
|
||||
internals = cryptodev->data->dev_private;
|
||||
|
||||
free_mb_mgr(internals->mb_mgr);
|
||||
|
||||
return rte_cryptodev_pmd_destroy(cryptodev);
|
||||
}
|
||||
|
||||
|
@ -201,6 +201,7 @@ zuc_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
|
||||
int socket_id)
|
||||
{
|
||||
struct zuc_qp *qp = NULL;
|
||||
struct zuc_private *internals = dev->data->dev_private;
|
||||
|
||||
/* Free memory prior to re-allocation if needed. */
|
||||
if (dev->data->queue_pairs[qp_id] != NULL)
|
||||
@ -223,6 +224,7 @@ zuc_pmd_qp_setup(struct rte_cryptodev *dev, uint16_t qp_id,
|
||||
if (qp->processed_ops == NULL)
|
||||
goto qp_setup_cleanup;
|
||||
|
||||
qp->mb_mgr = internals->mb_mgr;
|
||||
qp->sess_mp = qp_conf->mp_session;
|
||||
qp->sess_mp_priv = qp_conf->mp_session_private;
|
||||
|
||||
|
@ -5,7 +5,7 @@
|
||||
#ifndef _ZUC_PMD_PRIVATE_H_
|
||||
#define _ZUC_PMD_PRIVATE_H_
|
||||
|
||||
#include <sso_zuc.h>
|
||||
#include <intel-ipsec-mb.h>
|
||||
|
||||
#define CRYPTODEV_NAME_ZUC_PMD crypto_zuc
|
||||
/**< KASUMI PMD device name */
|
||||
@ -24,6 +24,8 @@ int zuc_logtype_driver;
|
||||
struct zuc_private {
|
||||
unsigned max_nb_queue_pairs;
|
||||
/**< Max number of queue pairs supported by device */
|
||||
MB_MGR *mb_mgr;
|
||||
/**< Multi-buffer instance */
|
||||
};
|
||||
|
||||
/** ZUC buffer queue pair */
|
||||
@ -45,6 +47,8 @@ struct zuc_qp {
|
||||
* by the driver when verifying a digest provided
|
||||
* by the user (using authentication verify operation)
|
||||
*/
|
||||
MB_MGR *mb_mgr;
|
||||
/**< Multi-buffer instance */
|
||||
} __rte_cache_aligned;
|
||||
|
||||
enum zuc_operation {
|
||||
|
@ -282,7 +282,7 @@ _LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_SNOW3G) += -L$(LIBSSO_SNOW3G_PATH)/build -l
|
||||
_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_KASUMI) += -lrte_pmd_kasumi
|
||||
_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_KASUMI) += -L$(LIBSSO_KASUMI_PATH)/build -lsso_kasumi
|
||||
_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ZUC) += -lrte_pmd_zuc
|
||||
_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ZUC) += -L$(LIBSSO_ZUC_PATH)/build -lsso_zuc
|
||||
_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ZUC) += -lIPSec_MB
|
||||
_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ARMV8_CRYPTO) += -lrte_pmd_armv8
|
||||
_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_ARMV8_CRYPTO) += -L$(ARMV8_CRYPTO_LIB_PATH) -larmv8_crypto
|
||||
_LDLIBS-$(CONFIG_RTE_LIBRTE_PMD_MVSAM_CRYPTO) += -L$(LIBMUSDK_PATH)/lib -lrte_pmd_mvsam_crypto -lmusdk
|
||||
|
Loading…
Reference in New Issue
Block a user