1 .. SPDX-License-Identifier: BSD-3-Clause
2 Copyright(c) 2016-2019 Intel Corporation.
4 KASUMI Crypto Poll Mode Driver
5 ===============================
7 The KASUMI PMD (**librte_pmd_kasumi**) provides poll mode crypto driver support for
8 utilizing `Intel IPSec Multi-buffer library <https://github.com/01org/intel-ipsec-mb>`_
9 which implements F8 and F9 functions for KASUMI UEA1 cipher and UIA1 hash algorithms.
14 KASUMI PMD has support for:
18 * RTE_CRYPTO_CIPHER_KASUMI_F8
20 Authentication algorithm:
22 * RTE_CRYPTO_AUTH_KASUMI_F9
27 * Chained mbufs are not supported.
28 * KASUMI(F9) supported only if hash offset and length field is byte-aligned.
29 * In-place bit-level operations for KASUMI(F8) are not supported
30 (if length and/or offset of data to be ciphered is not byte-aligned).
36 To build DPDK with the KASUMI_PMD the user is required to download the multi-buffer
37 library from `here <https://github.com/01org/intel-ipsec-mb>`_
38 and compile it on their user system before building DPDK.
39 The latest version of the library supported by this PMD is v0.53, which
40 can be downloaded from `<https://github.com/01org/intel-ipsec-mb/archive/v0.53.zip>`_.
42 After downloading the library, the user needs to unpack and compile it
43 on their system before building DPDK:
45 .. code-block:: console
50 As a reference, the following table shows a mapping between the past DPDK versions
51 and the external crypto libraries supported by them:
53 .. _table_kasumi_versions:
55 .. table:: DPDK and external crypto library version compatibility
57 ============= ================================
58 DPDK version Crypto library version
59 ============= ================================
60 16.11 - 19.11 LibSSO KASUMI
61 20.02+ Multi-buffer library 0.53
62 ============= ================================
68 In order to enable this virtual crypto PMD, user must:
70 * Build the multi buffer library (explained in Installation section).
72 * Build DPDK as follows:
74 .. code-block:: console
76 make config T=x86_64-native-linux-gcc
77 sed -i 's,\(CONFIG_RTE_LIBRTE_PMD_KASUMI\)=n,\1=y,' build/.config
81 To use the PMD in an application, user must:
83 * Call rte_vdev_init("crypto_kasumi") within the application.
85 * Use --vdev="crypto_kasumi" in the EAL options, which will call rte_vdev_init() internally.
87 The following parameters (all optional) can be provided in the previous two calls:
89 * socket_id: Specify the socket where the memory for the device is going to be allocated
90 (by default, socket_id will be the socket where the core that is creating the PMD is running on).
92 * max_nb_queue_pairs: Specify the maximum number of queue pairs in the device (8 by default).
94 * max_nb_sessions: Specify the maximum number of sessions that can be created (2048 by default).
98 .. code-block:: console
100 ./l2fwd-crypto -l 1 -n 4 --vdev="crypto_kasumi,socket_id=0,max_nb_sessions=128" \
101 -- -p 1 --cdev SW --chain CIPHER_ONLY --cipher_algo "kasumi-f8"
103 Extra notes on KASUMI F9
104 ------------------------
106 When using KASUMI F9 authentication algorithm, the input buffer must be
107 constructed according to the 3GPP KASUMI specifications (section 4.4, page 13):
108 `<http://cryptome.org/3gpp/35201-900.pdf>`_.
109 Input buffer has to have COUNT (4 bytes), FRESH (4 bytes), MESSAGE and DIRECTION (1 bit)
110 concatenated. After the DIRECTION bit, a single '1' bit is appended, followed by
111 between 0 and 7 '0' bits, so that the total length of the buffer is multiple of 8 bits.
112 Note that the actual message can be any length, specified in bits.
114 Once this buffer is passed this way, when creating the crypto operation,
115 length of data to authenticate (op.sym.auth.data.length) must be the length
116 of all the items described above, including the padding at the end.
117 Also, offset of data to authenticate (op.sym.auth.data.offset)
118 must be such that points at the start of the COUNT bytes.