X-Git-Url: http://git.droids-corp.org/?a=blobdiff_plain;f=doc%2Fguides%2Fcryptodevs%2Faesni_mb.rst;h=948128ae9b845b819238a10888cae62cf4141580;hb=7775172c045f3387cee47d3f32633255d37ba785;hp=fd5414d83d6c44b4e00d93c1468d3da9daf3a635;hpb=b218a1bf36d764c54ebf422b0799d5ac4f79310a;p=dpdk.git diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst index fd5414d83d..948128ae9b 100644 --- a/doc/guides/cryptodevs/aesni_mb.rst +++ b/doc/guides/cryptodevs/aesni_mb.rst @@ -1,43 +1,20 @@ -.. BSD LICENSE - Copyright(c) 2015 Intel Corporation. All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - - * Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in - the documentation and/or other materials provided with the - distribution. - * Neither the name of Intel Corporation nor the names of its - contributors may be used to endorse or promote products derived - from this software without specific prior written permission. - - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE - OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - -AESN-NI Multi Buffer Crytpo Poll Mode Driver +.. SPDX-License-Identifier: BSD-3-Clause + Copyright(c) 2015-2018 Intel Corporation. + +AESN-NI Multi Buffer Crypto Poll Mode Driver ============================================ -The AESNI MB PMD (**librte_pmd_aesni_mb**) provides poll mode crypto driver +The AESNI MB PMD (**librte_crypto_aesni_mb**) provides poll mode crypto driver support for utilizing Intel multi buffer library, see the white paper `Fast Multi-buffer IPsec Implementations on Intel® Architecture Processors -`_. +`_. The AES-NI MB PMD has current only been tested on Fedora 21 64-bit with gcc. +The AES-NI MB PMD supports synchronous mode of operation with +``rte_cryptodev_sym_cpu_crypto_process`` function call. + Features -------- @@ -45,57 +22,134 @@ AESNI MB PMD has support for: Cipher algorithms: -* RTE_CRYPTO_SYM_CIPHER_AES128_CBC -* RTE_CRYPTO_SYM_CIPHER_AES192_CBC -* RTE_CRYPTO_SYM_CIPHER_AES256_CBC +* RTE_CRYPTO_CIPHER_AES128_CBC +* RTE_CRYPTO_CIPHER_AES192_CBC +* RTE_CRYPTO_CIPHER_AES256_CBC +* RTE_CRYPTO_CIPHER_AES128_CTR +* RTE_CRYPTO_CIPHER_AES192_CTR +* RTE_CRYPTO_CIPHER_AES256_CTR +* RTE_CRYPTO_CIPHER_AES_DOCSISBPI +* RTE_CRYPTO_CIPHER_DES_CBC +* RTE_CRYPTO_CIPHER_3DES_CBC +* RTE_CRYPTO_CIPHER_DES_DOCSISBPI +* RTE_CRYPTO_CIPHER_AES128_ECB +* RTE_CRYPTO_CIPHER_AES192_ECB +* RTE_CRYPTO_CIPHER_AES256_ECB +* RTE_CRYPTO_CIPHER_ZUC_EEA3 +* RTE_CRYPTO_CIPHER_SNOW3G_UEA2 +* RTE_CRYPTO_CIPHER_KASUMI_F8 Hash algorithms: -* RTE_CRYPTO_SYM_HASH_SHA1_HMAC -* RTE_CRYPTO_SYM_HASH_SHA256_HMAC -* RTE_CRYPTO_SYM_HASH_SHA512_HMAC +* RTE_CRYPTO_AUTH_MD5_HMAC +* RTE_CRYPTO_AUTH_SHA1_HMAC +* RTE_CRYPTO_AUTH_SHA224_HMAC +* RTE_CRYPTO_AUTH_SHA256_HMAC +* RTE_CRYPTO_AUTH_SHA384_HMAC +* RTE_CRYPTO_AUTH_SHA512_HMAC +* RTE_CRYPTO_AUTH_AES_XCBC_HMAC +* RTE_CRYPTO_AUTH_AES_CMAC +* RTE_CRYPTO_AUTH_AES_GMAC +* RTE_CRYPTO_AUTH_SHA1 +* RTE_CRYPTO_AUTH_SHA224 +* RTE_CRYPTO_AUTH_SHA256 +* RTE_CRYPTO_AUTH_SHA384 +* RTE_CRYPTO_AUTH_SHA512 +* RTE_CRYPTO_AUTH_ZUC_EIA3 +* RTE_CRYPTO_AUTH_SNOW3G_UIA2 +* RTE_CRYPTO_AUTH_KASUMI_F9 + +AEAD algorithms: + +* RTE_CRYPTO_AEAD_AES_CCM +* RTE_CRYPTO_AEAD_AES_GCM +* RTE_CRYPTO_AEAD_CHACHA20_POLY1305 + +Protocol offloads: + +* RTE_SECURITY_PROTOCOL_DOCSIS Limitations ----------- * Chained mbufs are not supported. -* Hash only is not supported. -* Cipher only is not supported. -* Only in-place is currently supported (destination address is the same as source address). -* Only supports session-oriented API implementation (session-less APIs are not supported). -* Not performance tuned. +* Out-of-place is not supported for combined Crypto-CRC DOCSIS security + protocol. +* RTE_CRYPTO_CIPHER_DES_DOCSISBPI is not supported for combined Crypto-CRC + DOCSIS security protocol. +* The only tag size supported for ZUC-EIA3-256 is 4 bytes. + Installation ------------ -To build DPDK with the AESNI_MB_PMD the user is required to download the mult- -buffer library from `here `_ -and compile it on their user system before building DPDK. When building the -multi-buffer library it is necessary to have YASM package installed and also -requires the overriding of YASM path when building, as a path is hard coded in -the Makefile of the release package. +To build DPDK with the AESNI_MB_PMD the user is required to download the multi-buffer +library from `here `_ +and compile it on their user system before building DPDK. +The latest version of the library supported by this PMD is v1.0, which +can be downloaded from ``_. .. code-block:: console - make YASM=/usr/bin/yasm + make + make install + +The library requires NASM to be built. Depending on the library version, it might +require a minimum NASM version (e.g. v0.54 requires at least NASM 2.14). + +NASM is packaged for different OS. However, on some OS the version is too old, +so a manual installation is required. In that case, NASM can be downloaded from +`NASM website `_. +Once it is downloaded, extract it and follow these steps: + +.. code-block:: console + + ./configure + make + make install + +.. note:: + + Compilation of the Multi-Buffer library is broken when GCC < 5.0, if library <= v0.53. + If a lower GCC version than 5.0, the workaround proposed by the following link + should be used: ``_. + +As a reference, the following table shows a mapping between the past DPDK versions +and the Multi-Buffer library version supported by them: + +.. _table_aesni_mb_versions: + +.. table:: DPDK and Multi-Buffer library version compatibility + + ============== ============================ + DPDK version Multi-buffer library version + ============== ============================ + 2.2 - 16.11 0.43 - 0.44 + 17.02 0.44 + 17.05 - 17.08 0.45 - 0.48 + 17.11 0.47 - 0.48 + 18.02 0.48 + 18.05 - 19.02 0.49 - 0.52 + 19.05 - 19.08 0.52 + 19.11 - 20.08 0.52 - 0.55 + 20.11 - 21.08 0.53 - 1.0* + 21.11+ 1.0* + ============== ============================ + +\* Multi-buffer library 1.0 or newer only works for Meson but not Make build system. Initialization -------------- In order to enable this virtual crypto PMD, user must: -* Export the environmental variable AESNI_MULTI_BUFFER_LIB_PATH with the path where - the library was extracted. - * Build the multi buffer library (explained in Installation section). -* Set CONFIG_RTE_LIBRTE_PMD_AESNI_MB=y in config/common_base. - To use the PMD in an application, user must: -* Call rte_eal_vdev_init("cryptodev_aesni_mb_pmd") within the application. +* Call rte_vdev_init("crypto_aesni_mb") within the application. -* Use --vdev="cryptodev_aesni_mb_pmd" in the EAL options, which will call rte_eal_vdev_init() internally. +* Use --vdev="crypto_aesni_mb" in the EAL options, which will call rte_vdev_init() internally. The following parameters (all optional) can be provided in the previous two calls: @@ -110,4 +164,18 @@ Example: .. code-block:: console - ./l2fwd-crypto -c 40 -n 4 --vdev="cryptodev_aesni_mb_pmd,socket_id=1,max_nb_sessions=128" + ./dpdk-l2fwd-crypto -l 1 -n 4 --vdev="crypto_aesni_mb,socket_id=0,max_nb_sessions=128" \ + -- -p 1 --cdev SW --chain CIPHER_HASH --cipher_algo "aes-cbc" --auth_algo "sha1-hmac" + +Extra notes +----------- + +For AES Counter mode (AES-CTR), the library supports two different sizes for Initialization +Vector (IV): + +* 12 bytes: used mainly for IPsec, as it requires 12 bytes from the user, which internally + are appended the counter block (4 bytes), which is set to 1 for the first block + (no padding required from the user) + +* 16 bytes: when passing 16 bytes, the library will take them and use the last 4 bytes + as the initial counter block for the first block.