net/ena: proxy AQ calls to primary process
[dpdk.git] / doc / guides / cryptodevs / openssl.rst
1 ..  SPDX-License-Identifier: BSD-3-Clause
2     Copyright(c) 2016 Intel Corporation.
3
4 OpenSSL Crypto Poll Mode Driver
5 ===============================
6
7 This code provides the initial implementation of the openssl poll mode
8 driver. All cryptography operations are using Openssl library crypto API.
9 Each algorithm uses EVP interface from openssl API - which is recommended
10 by Openssl maintainers.
11
12 For more details about openssl library please visit openssl webpage:
13 https://www.openssl.org/
14
15 Features
16 --------
17
18 OpenSSL PMD has support for:
19
20 Supported cipher algorithms:
21
22 * ``RTE_CRYPTO_CIPHER_3DES_CBC``
23 * ``RTE_CRYPTO_CIPHER_AES_CBC``
24 * ``RTE_CRYPTO_CIPHER_AES_CTR``
25 * ``RTE_CRYPTO_CIPHER_3DES_CTR``
26 * ``RTE_CRYPTO_CIPHER_DES_DOCSISBPI``
27
28 Supported authentication algorithms:
29
30 * ``RTE_CRYPTO_AUTH_AES_GMAC``
31 * ``RTE_CRYPTO_AUTH_MD5``
32 * ``RTE_CRYPTO_AUTH_SHA1``
33 * ``RTE_CRYPTO_AUTH_SHA224``
34 * ``RTE_CRYPTO_AUTH_SHA256``
35 * ``RTE_CRYPTO_AUTH_SHA384``
36 * ``RTE_CRYPTO_AUTH_SHA512``
37 * ``RTE_CRYPTO_AUTH_MD5_HMAC``
38 * ``RTE_CRYPTO_AUTH_SHA1_HMAC``
39 * ``RTE_CRYPTO_AUTH_SHA224_HMAC``
40 * ``RTE_CRYPTO_AUTH_SHA256_HMAC``
41 * ``RTE_CRYPTO_AUTH_SHA384_HMAC``
42 * ``RTE_CRYPTO_AUTH_SHA512_HMAC``
43
44 Supported AEAD algorithms:
45
46 * ``RTE_CRYPTO_AEAD_AES_GCM``
47 * ``RTE_CRYPTO_AEAD_AES_CCM``
48
49 Supported Asymmetric Crypto algorithms:
50
51 * ``RTE_CRYPTO_ASYM_XFORM_RSA``
52 * ``RTE_CRYPTO_ASYM_XFORM_DSA``
53 * ``RTE_CRYPTO_ASYM_XFORM_DH``
54 * ``RTE_CRYPTO_ASYM_XFORM_MODINV``
55 * ``RTE_CRYPTO_ASYM_XFORM_MODEX``
56
57
58 Installation
59 ------------
60
61 To compile the OpenSSL PMD the openssl library must be installed. It will
62 then be picked up by the Meson/Ninja build system.
63
64 To ensure that you have the latest security fixes it is recommended that you
65 use version 1.1.1g or newer.
66
67 * 1.1.1g, 2020-Apr-21. https://www.openssl.org/source/
68
69 Initialization
70 --------------
71
72 User can use app/test application to check how to use this PMD and to verify
73 crypto processing.
74
75 Test name is cryptodev_openssl_autotest.
76 For asymmetric crypto operations testing, run cryptodev_openssl_asym_autotest.
77
78 To verify real traffic l2fwd-crypto example can be used with this command:
79
80 .. code-block:: console
81
82         sudo ./<build_dir>/examples/dpdk-l2fwd-crypto -l 0-1 -n 4 --vdev "crypto_openssl"
83         --vdev "crypto_openssl"-- -p 0x3 --chain CIPHER_HASH
84         --cipher_op ENCRYPT --cipher_algo AES_CBC
85         --cipher_key 00:01:02:03:04:05:06:07:08:09:0a:0b:0c:0d:0e:0f
86         --iv 00:01:02:03:04:05:06:07:08:09:0a:0b:0c:0d:0e:ff
87         --auth_op GENERATE --auth_algo SHA1_HMAC
88         --auth_key 11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11
89         :11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11
90         :11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11
91
92 Limitations
93 -----------
94
95 * Maximum number of sessions is 2048.
96 * Chained mbufs are supported only for source mbuf (destination must be
97   contiguous).
98 * Hash only is not supported for GCM and GMAC.
99 * Cipher only is not supported for GCM and GMAC.