-.. BSD LICENSE
- Copyright(c) 2015-2017 Intel Corporation. All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions
- are met:
-
- * Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
- * Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in
- the documentation and/or other materials provided with the
- distribution.
- * Neither the name of Intel Corporation nor the names of its
- contributors may be used to endorse or promote products derived
- from this software without specific prior written permission.
-
- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+.. SPDX-License-Identifier: BSD-3-Clause
+ Copyright(c) 2015-2018 Intel Corporation.
AESN-NI Multi Buffer Crypto Poll Mode Driver
============================================
-The AESNI MB PMD (**librte_pmd_aesni_mb**) provides poll mode crypto driver
+The AESNI MB PMD (**librte_crypto_aesni_mb**) provides poll mode crypto driver
support for utilizing Intel multi buffer library, see the white paper
`Fast Multi-buffer IPsec Implementations on IntelĀ® Architecture Processors
-<https://www-ssl.intel.com/content/www/us/en/intelligent-systems/intel-technology/fast-multi-buffer-ipsec-implementations-ia-processors-paper.html?wapkw=multi+buffer>`_.
+<https://www.intel.com/content/dam/www/public/us/en/documents/white-papers/fast-multi-buffer-ipsec-implementations-ia-processors-paper.pdf>`_.
The AES-NI MB PMD has current only been tested on Fedora 21 64-bit with gcc.
+The AES-NI MB PMD supports synchronous mode of operation with
+``rte_cryptodev_sym_cpu_crypto_process`` function call.
+
Features
--------
* RTE_CRYPTO_CIPHER_AES256_CTR
* RTE_CRYPTO_CIPHER_AES_DOCSISBPI
* RTE_CRYPTO_CIPHER_DES_CBC
+* RTE_CRYPTO_CIPHER_3DES_CBC
* RTE_CRYPTO_CIPHER_DES_DOCSISBPI
+* RTE_CRYPTO_CIPHER_AES128_ECB
+* RTE_CRYPTO_CIPHER_AES192_ECB
+* RTE_CRYPTO_CIPHER_AES256_ECB
+* RTE_CRYPTO_CIPHER_ZUC_EEA3
+* RTE_CRYPTO_CIPHER_SNOW3G_UEA2
+* RTE_CRYPTO_CIPHER_KASUMI_F8
Hash algorithms:
-* RTE_CRYPTO_HASH_MD5_HMAC
-* RTE_CRYPTO_HASH_SHA1_HMAC
-* RTE_CRYPTO_HASH_SHA224_HMAC
-* RTE_CRYPTO_HASH_SHA256_HMAC
-* RTE_CRYPTO_HASH_SHA384_HMAC
-* RTE_CRYPTO_HASH_SHA512_HMAC
-* RTE_CRYPTO_HASH_AES_XCBC_HMAC
+* RTE_CRYPTO_AUTH_MD5_HMAC
+* RTE_CRYPTO_AUTH_SHA1_HMAC
+* RTE_CRYPTO_AUTH_SHA224_HMAC
+* RTE_CRYPTO_AUTH_SHA256_HMAC
+* RTE_CRYPTO_AUTH_SHA384_HMAC
+* RTE_CRYPTO_AUTH_SHA512_HMAC
+* RTE_CRYPTO_AUTH_AES_XCBC_HMAC
+* RTE_CRYPTO_AUTH_AES_CMAC
+* RTE_CRYPTO_AUTH_AES_GMAC
+* RTE_CRYPTO_AUTH_SHA1
+* RTE_CRYPTO_AUTH_SHA224
+* RTE_CRYPTO_AUTH_SHA256
+* RTE_CRYPTO_AUTH_SHA384
+* RTE_CRYPTO_AUTH_SHA512
+* RTE_CRYPTO_AUTH_ZUC_EIA3
+* RTE_CRYPTO_AUTH_SNOW3G_UIA2
+* RTE_CRYPTO_AUTH_KASUMI_F9
+
+AEAD algorithms:
+
+* RTE_CRYPTO_AEAD_AES_CCM
+* RTE_CRYPTO_AEAD_AES_GCM
+* RTE_CRYPTO_AEAD_CHACHA20_POLY1305
+
+Protocol offloads:
+
+* RTE_SECURITY_PROTOCOL_DOCSIS
Limitations
-----------
* Chained mbufs are not supported.
-* Only in-place is currently supported (destination address is the same as source address).
+* Out-of-place is not supported for combined Crypto-CRC DOCSIS security
+ protocol.
+* RTE_CRYPTO_CIPHER_DES_DOCSISBPI is not supported for combined Crypto-CRC
+ DOCSIS security protocol.
+* The only tag size supported for ZUC-EIA3-256 is 4 bytes.
Installation
To build DPDK with the AESNI_MB_PMD the user is required to download the multi-buffer
library from `here <https://github.com/01org/intel-ipsec-mb>`_
and compile it on their user system before building DPDK.
-The latest version of the library supported by this PMD is v0.47, which
-can be downloaded from `<https://github.com/01org/intel-ipsec-mb/archive/v0.47.zip>`_.
+The latest version of the library supported by this PMD is v1.0, which
+can be downloaded from `<https://github.com/01org/intel-ipsec-mb/archive/v1.0.zip>`_.
+
+.. code-block:: console
+
+ make
+ make install
+
+The library requires NASM to be built. Depending on the library version, it might
+require a minimum NASM version (e.g. v0.54 requires at least NASM 2.14).
+
+NASM is packaged for different OS. However, on some OS the version is too old,
+so a manual installation is required. In that case, NASM can be downloaded from
+`NASM website <https://www.nasm.us/pub/nasm/releasebuilds/?C=M;O=D>`_.
+Once it is downloaded, extract it and follow these steps:
.. code-block:: console
- make
+ ./configure
+ make
+ make install
+
+.. note::
+
+ Compilation of the Multi-Buffer library is broken when GCC < 5.0, if library <= v0.53.
+ If a lower GCC version than 5.0, the workaround proposed by the following link
+ should be used: `<https://github.com/intel/intel-ipsec-mb/issues/40>`_.
As a reference, the following table shows a mapping between the past DPDK versions
and the Multi-Buffer library version supported by them:
============== ============================
2.2 - 16.11 0.43 - 0.44
17.02 0.44
- 17.05 - 17.08 0.45 - 0.47
- 17.11+ 0.47
+ 17.05 - 17.08 0.45 - 0.48
+ 17.11 0.47 - 0.48
+ 18.02 0.48
+ 18.05 - 19.02 0.49 - 0.52
+ 19.05 - 19.08 0.52
+ 19.11 - 20.08 0.52 - 0.55
+ 20.11 - 21.08 0.53 - 1.0*
+ 21.11+ 1.0*
============== ============================
+\* Multi-buffer library 1.0 or newer only works for Meson but not Make build system.
Initialization
--------------
In order to enable this virtual crypto PMD, user must:
-* Export the environmental variable AESNI_MULTI_BUFFER_LIB_PATH with the path where
- the library was extracted.
-
* Build the multi buffer library (explained in Installation section).
-* Set CONFIG_RTE_LIBRTE_PMD_AESNI_MB=y in config/common_base.
-
To use the PMD in an application, user must:
* Call rte_vdev_init("crypto_aesni_mb") within the application.
.. code-block:: console
- ./l2fwd-crypto -l 1 -n 4 --vdev="crypto_aesni_mb,socket_id=0,max_nb_sessions=128" \
+ ./dpdk-l2fwd-crypto -l 1 -n 4 --vdev="crypto_aesni_mb,socket_id=0,max_nb_sessions=128" \
-- -p 1 --cdev SW --chain CIPHER_HASH --cipher_algo "aes-cbc" --auth_algo "sha1-hmac"
Extra notes
For AES Counter mode (AES-CTR), the library supports two different sizes for Initialization
Vector (IV):
-* 12 bytes: used mainly for IPSec, as it requires 12 bytes from the user, which internally
+* 12 bytes: used mainly for IPsec, as it requires 12 bytes from the user, which internally
are appended the counter block (4 bytes), which is set to 1 for the first block
(no padding required from the user)
git.droids-corp.org / dpdk.git / blobdiff