d/numam-dpdk
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
93b043df3d
numam-dpdk/doc/guides/cryptodevs/aesni_mb.rst

170 lines
5.2 KiB
ReStructuredText
Raw Normal View History

doc: convert Intel license headers to SPDX tags Signed-off-by: Ferruh Yigit <ferruh.yigit@intel.com> Acked-by: Bruce Richardson <bruce.richardson@intel.com>
2018-02-01 17:18:17 +00:00
.. SPDX-License-Identifier: BSD-3-Clause
doc: fix AESNI_MB guide This patch fixes the incorrect intel multi buffer library support version and missed limitation of GCM algorithm support. Fixes: 0e9f8507afcb ("crypto/aesni_mb: support AES-GCM algorithm") Cc: stable@dpdk.org Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2019-01-09 12:11:12 +00:00
Copyright(c) 2015-2018 Intel Corporation.
aesni_mb: add driver for multi buffer based crypto This patch provides the initial implementation of the AES-NI multi-buffer based crypto poll mode driver using DPDK's new cryptodev framework. This PMD is dependent on Intel's multibuffer library, see the whitepaper "Fast Multi-buffer IPsec Implementations on Intel® Architecture Processors", see ref 1 for details on the library's design and ref 2 to download the library itself. This initial implementation is limited to supporting the chained operations of "hash then cipher" or "cipher then hash" for the following cipher and hash algorithms: Cipher algorithms: - RTE_CRYPTO_CIPHER_AES_CBC (with 128-bit, 192-bit and 256-bit keys supported) Authentication algorithms: - RTE_CRYPTO_AUTH_SHA1_HMAC - RTE_CRYPTO_AUTH_SHA256_HMAC - RTE_CRYPTO_AUTH_SHA512_HMAC - RTE_CRYPTO_AUTH_AES_XCBC_MAC Important Note: Due to the fact that the multi-buffer library is designed for accelerating IPsec crypto operation, the digest's generated for the HMAC functions are truncated to lengths specified by IPsec RFC's, ie RFC2404 for using HMAC-SHA-1 with IPsec specifies that the digest is truncate from 20 to 12 bytes. Build instructions: To build DPDK with the AESNI_MB_PMD the user is required to download (ref 2) and compile the multi-buffer library on there system before building DPDK. The environmental variable AESNI_MULTI_BUFFER_LIB_PATH must be exported with the path where you extracted and built the multi buffer library and finally set CONFIG_RTE_LIBRTE_PMD_AESNI_MB=y in config/common_linuxapp. Current status: It's doesn't support crypto operation across chained mbufs, or cipher only or hash only operations. ref 1: https://www-ssl.intel.com/content/www/us/en/intelligent-systems/intel-technology/fast-multi-buffer-ipsec-implementations-ia-processors-p ref 2: https://downloadcenter.intel.com/download/22972 Signed-off-by: Declan Doherty <declan.doherty@intel.com> Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
2015-11-25 13:25:15 +00:00
doc: add missing supported crypto algos AESNI MB supports MD5 and AES XCBC, but it wasn't reflected in the driver documentation. Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2017-03-22 16:15:57 +00:00
AESN-NI Multi Buffer Crypto Poll Mode Driver
aesni_mb: add driver for multi buffer based crypto This patch provides the initial implementation of the AES-NI multi-buffer based crypto poll mode driver using DPDK's new cryptodev framework. This PMD is dependent on Intel's multibuffer library, see the whitepaper "Fast Multi-buffer IPsec Implementations on Intel® Architecture Processors", see ref 1 for details on the library's design and ref 2 to download the library itself. This initial implementation is limited to supporting the chained operations of "hash then cipher" or "cipher then hash" for the following cipher and hash algorithms: Cipher algorithms: - RTE_CRYPTO_CIPHER_AES_CBC (with 128-bit, 192-bit and 256-bit keys supported) Authentication algorithms: - RTE_CRYPTO_AUTH_SHA1_HMAC - RTE_CRYPTO_AUTH_SHA256_HMAC - RTE_CRYPTO_AUTH_SHA512_HMAC - RTE_CRYPTO_AUTH_AES_XCBC_MAC Important Note: Due to the fact that the multi-buffer library is designed for accelerating IPsec crypto operation, the digest's generated for the HMAC functions are truncated to lengths specified by IPsec RFC's, ie RFC2404 for using HMAC-SHA-1 with IPsec specifies that the digest is truncate from 20 to 12 bytes. Build instructions: To build DPDK with the AESNI_MB_PMD the user is required to download (ref 2) and compile the multi-buffer library on there system before building DPDK. The environmental variable AESNI_MULTI_BUFFER_LIB_PATH must be exported with the path where you extracted and built the multi buffer library and finally set CONFIG_RTE_LIBRTE_PMD_AESNI_MB=y in config/common_linuxapp. Current status: It's doesn't support crypto operation across chained mbufs, or cipher only or hash only operations. ref 1: https://www-ssl.intel.com/content/www/us/en/intelligent-systems/intel-technology/fast-multi-buffer-ipsec-implementations-ia-processors-p ref 2: https://downloadcenter.intel.com/download/22972 Signed-off-by: Declan Doherty <declan.doherty@intel.com> Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
2015-11-25 13:25:15 +00:00
============================================
The AESNI MB PMD (**librte_pmd_aesni_mb**) provides poll mode crypto driver
doc: fix spellings Fix various spellings in rst docs. Signed-off-by: John McNamara <john.mcnamara@intel.com> Acked-by: Harry van Haaren <harry.van.haaren@intel.com>
2015-12-15 09:38:59 +00:00
support for utilizing Intel multi buffer library, see the white paper
aesni_mb: add driver for multi buffer based crypto This patch provides the initial implementation of the AES-NI multi-buffer based crypto poll mode driver using DPDK's new cryptodev framework. This PMD is dependent on Intel's multibuffer library, see the whitepaper "Fast Multi-buffer IPsec Implementations on Intel® Architecture Processors", see ref 1 for details on the library's design and ref 2 to download the library itself. This initial implementation is limited to supporting the chained operations of "hash then cipher" or "cipher then hash" for the following cipher and hash algorithms: Cipher algorithms: - RTE_CRYPTO_CIPHER_AES_CBC (with 128-bit, 192-bit and 256-bit keys supported) Authentication algorithms: - RTE_CRYPTO_AUTH_SHA1_HMAC - RTE_CRYPTO_AUTH_SHA256_HMAC - RTE_CRYPTO_AUTH_SHA512_HMAC - RTE_CRYPTO_AUTH_AES_XCBC_MAC Important Note: Due to the fact that the multi-buffer library is designed for accelerating IPsec crypto operation, the digest's generated for the HMAC functions are truncated to lengths specified by IPsec RFC's, ie RFC2404 for using HMAC-SHA-1 with IPsec specifies that the digest is truncate from 20 to 12 bytes. Build instructions: To build DPDK with the AESNI_MB_PMD the user is required to download (ref 2) and compile the multi-buffer library on there system before building DPDK. The environmental variable AESNI_MULTI_BUFFER_LIB_PATH must be exported with the path where you extracted and built the multi buffer library and finally set CONFIG_RTE_LIBRTE_PMD_AESNI_MB=y in config/common_linuxapp. Current status: It's doesn't support crypto operation across chained mbufs, or cipher only or hash only operations. ref 1: https://www-ssl.intel.com/content/www/us/en/intelligent-systems/intel-technology/fast-multi-buffer-ipsec-implementations-ia-processors-p ref 2: https://downloadcenter.intel.com/download/22972 Signed-off-by: Declan Doherty <declan.doherty@intel.com> Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
2015-11-25 13:25:15 +00:00
`Fast Multi-buffer IPsec Implementations on Intel® Architecture Processors
doc: fix outdated link to IPsec white paper Fixes: 924e84f87306 ("aesni_mb: add driver for multi buffer based crypto") Cc: stable@dpdk.org Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2018-02-14 17:14:06 +00:00
<https://www.intel.com/content/dam/www/public/us/en/documents/white-papers/fast-multi-buffer-ipsec-implementations-ia-processors-paper.pdf>`_.
aesni_mb: add driver for multi buffer based crypto This patch provides the initial implementation of the AES-NI multi-buffer based crypto poll mode driver using DPDK's new cryptodev framework. This PMD is dependent on Intel's multibuffer library, see the whitepaper "Fast Multi-buffer IPsec Implementations on Intel® Architecture Processors", see ref 1 for details on the library's design and ref 2 to download the library itself. This initial implementation is limited to supporting the chained operations of "hash then cipher" or "cipher then hash" for the following cipher and hash algorithms: Cipher algorithms: - RTE_CRYPTO_CIPHER_AES_CBC (with 128-bit, 192-bit and 256-bit keys supported) Authentication algorithms: - RTE_CRYPTO_AUTH_SHA1_HMAC - RTE_CRYPTO_AUTH_SHA256_HMAC - RTE_CRYPTO_AUTH_SHA512_HMAC - RTE_CRYPTO_AUTH_AES_XCBC_MAC Important Note: Due to the fact that the multi-buffer library is designed for accelerating IPsec crypto operation, the digest's generated for the HMAC functions are truncated to lengths specified by IPsec RFC's, ie RFC2404 for using HMAC-SHA-1 with IPsec specifies that the digest is truncate from 20 to 12 bytes. Build instructions: To build DPDK with the AESNI_MB_PMD the user is required to download (ref 2) and compile the multi-buffer library on there system before building DPDK. The environmental variable AESNI_MULTI_BUFFER_LIB_PATH must be exported with the path where you extracted and built the multi buffer library and finally set CONFIG_RTE_LIBRTE_PMD_AESNI_MB=y in config/common_linuxapp. Current status: It's doesn't support crypto operation across chained mbufs, or cipher only or hash only operations. ref 1: https://www-ssl.intel.com/content/www/us/en/intelligent-systems/intel-technology/fast-multi-buffer-ipsec-implementations-ia-processors-p ref 2: https://downloadcenter.intel.com/download/22972 Signed-off-by: Declan Doherty <declan.doherty@intel.com> Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
2015-11-25 13:25:15 +00:00
The AES-NI MB PMD has current only been tested on Fedora 21 64-bit with gcc.
crypto/aesni_mb: support CPU crypto Add support for CPU crypto mode by introducing required handler. Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com> Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2020-04-17 15:03:48 +00:00
The AES-NI MB PMD supports synchronous mode of operation with
``rte_cryptodev_sym_cpu_crypto_process`` function call.
aesni_mb: add driver for multi buffer based crypto This patch provides the initial implementation of the AES-NI multi-buffer based crypto poll mode driver using DPDK's new cryptodev framework. This PMD is dependent on Intel's multibuffer library, see the whitepaper "Fast Multi-buffer IPsec Implementations on Intel® Architecture Processors", see ref 1 for details on the library's design and ref 2 to download the library itself. This initial implementation is limited to supporting the chained operations of "hash then cipher" or "cipher then hash" for the following cipher and hash algorithms: Cipher algorithms: - RTE_CRYPTO_CIPHER_AES_CBC (with 128-bit, 192-bit and 256-bit keys supported) Authentication algorithms: - RTE_CRYPTO_AUTH_SHA1_HMAC - RTE_CRYPTO_AUTH_SHA256_HMAC - RTE_CRYPTO_AUTH_SHA512_HMAC - RTE_CRYPTO_AUTH_AES_XCBC_MAC Important Note: Due to the fact that the multi-buffer library is designed for accelerating IPsec crypto operation, the digest's generated for the HMAC functions are truncated to lengths specified by IPsec RFC's, ie RFC2404 for using HMAC-SHA-1 with IPsec specifies that the digest is truncate from 20 to 12 bytes. Build instructions: To build DPDK with the AESNI_MB_PMD the user is required to download (ref 2) and compile the multi-buffer library on there system before building DPDK. The environmental variable AESNI_MULTI_BUFFER_LIB_PATH must be exported with the path where you extracted and built the multi buffer library and finally set CONFIG_RTE_LIBRTE_PMD_AESNI_MB=y in config/common_linuxapp. Current status: It's doesn't support crypto operation across chained mbufs, or cipher only or hash only operations. ref 1: https://www-ssl.intel.com/content/www/us/en/intelligent-systems/intel-technology/fast-multi-buffer-ipsec-implementations-ia-processors-p ref 2: https://downloadcenter.intel.com/download/22972 Signed-off-by: Declan Doherty <declan.doherty@intel.com> Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
2015-11-25 13:25:15 +00:00
Features
--------
AESNI MB PMD has support for:
Cipher algorithms:
doc: fix names of supported crypto algorithms Update documentation with correct names of supported algorithms. Fixes: 1703e94ac5cee ("qat: add driver for QuickAssist devices") Fixes: 3aafc423cf4d ("snow3g: add driver for SNOW 3G library") Fixes: 924e84f87306 ("aesni_mb: add driver for multi buffer based crypto") Fixes: 2773c86d061a ("crypto/kasumi: add driver for KASUMI library") Signed-off-by: Deepak Kumar Jain <deepak.k.jain@intel.com> Acked-by: Fiona Trahe <fiona.trahe@intel.com>
2016-09-19 11:14:52 +00:00
* RTE_CRYPTO_CIPHER_AES128_CBC
* RTE_CRYPTO_CIPHER_AES192_CBC
* RTE_CRYPTO_CIPHER_AES256_CBC
* RTE_CRYPTO_CIPHER_AES128_CTR
* RTE_CRYPTO_CIPHER_AES192_CTR
* RTE_CRYPTO_CIPHER_AES256_CTR
crypto/aesni_mb: support AES DOCSIS BPI Underlying IPSec Multi buffer library implements DOCSIS specification, so this commit adds support for this new feature, which combines AES-CBC for full AES blocks (16 bytes) and AES-CFB for last runt block (less than 16 bytes). Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> Acked-by: Declan Doherty <declan.doherty@intel.com>
2017-02-23 15:06:29 +00:00
* RTE_CRYPTO_CIPHER_AES_DOCSISBPI
crypto/aesni_mb: support DES The Multi-buffer library now supports DES-CBC and DES-DOCSISBPI algorithms, so this commit extends adds support for them in the PMD. Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> Acked-by: Fan Zhang <roy.fan.zhang@intel.com> Reviewed-by: Radu Nicolau <radu.nicolau@intel.com>
2017-10-05 05:27:58 +00:00
* RTE_CRYPTO_CIPHER_DES_CBC
crypto/aesni_mb: support 3DES Added support for 3DES cipher algorithm which will support 8, 16 and 24 byte keys, which also has been added in the v0.50 of the IPSec Multi-buffer lib. Signed-off-by: Marko Kovacevic <marko.kovacevic@intel.com> Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2018-06-08 09:10:01 +00:00
* RTE_CRYPTO_CIPHER_3DES_CBC
crypto/aesni_mb: support DES The Multi-buffer library now supports DES-CBC and DES-DOCSISBPI algorithms, so this commit extends adds support for them in the PMD. Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> Acked-by: Fan Zhang <roy.fan.zhang@intel.com> Reviewed-by: Radu Nicolau <radu.nicolau@intel.com>
2017-10-05 05:27:58 +00:00
* RTE_CRYPTO_CIPHER_DES_DOCSISBPI
aesni_mb: add driver for multi buffer based crypto This patch provides the initial implementation of the AES-NI multi-buffer based crypto poll mode driver using DPDK's new cryptodev framework. This PMD is dependent on Intel's multibuffer library, see the whitepaper "Fast Multi-buffer IPsec Implementations on Intel® Architecture Processors", see ref 1 for details on the library's design and ref 2 to download the library itself. This initial implementation is limited to supporting the chained operations of "hash then cipher" or "cipher then hash" for the following cipher and hash algorithms: Cipher algorithms: - RTE_CRYPTO_CIPHER_AES_CBC (with 128-bit, 192-bit and 256-bit keys supported) Authentication algorithms: - RTE_CRYPTO_AUTH_SHA1_HMAC - RTE_CRYPTO_AUTH_SHA256_HMAC - RTE_CRYPTO_AUTH_SHA512_HMAC - RTE_CRYPTO_AUTH_AES_XCBC_MAC Important Note: Due to the fact that the multi-buffer library is designed for accelerating IPsec crypto operation, the digest's generated for the HMAC functions are truncated to lengths specified by IPsec RFC's, ie RFC2404 for using HMAC-SHA-1 with IPsec specifies that the digest is truncate from 20 to 12 bytes. Build instructions: To build DPDK with the AESNI_MB_PMD the user is required to download (ref 2) and compile the multi-buffer library on there system before building DPDK. The environmental variable AESNI_MULTI_BUFFER_LIB_PATH must be exported with the path where you extracted and built the multi buffer library and finally set CONFIG_RTE_LIBRTE_PMD_AESNI_MB=y in config/common_linuxapp. Current status: It's doesn't support crypto operation across chained mbufs, or cipher only or hash only operations. ref 1: https://www-ssl.intel.com/content/www/us/en/intelligent-systems/intel-technology/fast-multi-buffer-ipsec-implementations-ia-processors-p ref 2: https://downloadcenter.intel.com/download/22972 Signed-off-by: Declan Doherty <declan.doherty@intel.com> Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
2015-11-25 13:25:15 +00:00
Hash algorithms:
doc: add missing supported crypto algos AESNI MB supports MD5 and AES XCBC, but it wasn't reflected in the driver documentation. Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2017-03-22 16:15:57 +00:00
* RTE_CRYPTO_HASH_MD5_HMAC
doc: fix names of supported crypto algorithms Update documentation with correct names of supported algorithms. Fixes: 1703e94ac5cee ("qat: add driver for QuickAssist devices") Fixes: 3aafc423cf4d ("snow3g: add driver for SNOW 3G library") Fixes: 924e84f87306 ("aesni_mb: add driver for multi buffer based crypto") Fixes: 2773c86d061a ("crypto/kasumi: add driver for KASUMI library") Signed-off-by: Deepak Kumar Jain <deepak.k.jain@intel.com> Acked-by: Fiona Trahe <fiona.trahe@intel.com>
2016-09-19 11:14:52 +00:00
* RTE_CRYPTO_HASH_SHA1_HMAC
crypto/aesni_mb: add missing supported algos in guide AESNI MB PMD supports SHA224-HMAC and SHA384-HMAC, but the documentation was not updated with this. Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> Acked-by: John McNamara <john.mcnamara@intel.com>
2016-12-19 17:29:03 +00:00
* RTE_CRYPTO_HASH_SHA224_HMAC
doc: fix names of supported crypto algorithms Update documentation with correct names of supported algorithms. Fixes: 1703e94ac5cee ("qat: add driver for QuickAssist devices") Fixes: 3aafc423cf4d ("snow3g: add driver for SNOW 3G library") Fixes: 924e84f87306 ("aesni_mb: add driver for multi buffer based crypto") Fixes: 2773c86d061a ("crypto/kasumi: add driver for KASUMI library") Signed-off-by: Deepak Kumar Jain <deepak.k.jain@intel.com> Acked-by: Fiona Trahe <fiona.trahe@intel.com>
2016-09-19 11:14:52 +00:00
* RTE_CRYPTO_HASH_SHA256_HMAC
crypto/aesni_mb: add missing supported algos in guide AESNI MB PMD supports SHA224-HMAC and SHA384-HMAC, but the documentation was not updated with this. Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> Acked-by: John McNamara <john.mcnamara@intel.com>
2016-12-19 17:29:03 +00:00
* RTE_CRYPTO_HASH_SHA384_HMAC
doc: fix names of supported crypto algorithms Update documentation with correct names of supported algorithms. Fixes: 1703e94ac5cee ("qat: add driver for QuickAssist devices") Fixes: 3aafc423cf4d ("snow3g: add driver for SNOW 3G library") Fixes: 924e84f87306 ("aesni_mb: add driver for multi buffer based crypto") Fixes: 2773c86d061a ("crypto/kasumi: add driver for KASUMI library") Signed-off-by: Deepak Kumar Jain <deepak.k.jain@intel.com> Acked-by: Fiona Trahe <fiona.trahe@intel.com>
2016-09-19 11:14:52 +00:00
* RTE_CRYPTO_HASH_SHA512_HMAC
doc: add missing supported crypto algos AESNI MB supports MD5 and AES XCBC, but it wasn't reflected in the driver documentation. Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2017-03-22 16:15:57 +00:00
* RTE_CRYPTO_HASH_AES_XCBC_HMAC
crypto/aesni_mb: support AES CMAC Added support for AES CMAC hash algorithm with 128-bit key, which has been added in the v0.49 of the IPSec Multi-buffer lib. Signed-off-by: Marko Kovacevic <marko.kovacevic@intel.com> Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2018-03-27 12:15:32 +00:00
* RTE_CRYPTO_HASH_AES_CMAC
crypto/aesni_mb: support AES-GMAC This patch adds the AES-GMAC authentication only support to AESNI-MB PMD, including the driver code, cryptodev unit test, and documentation updates. Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> Acked-by: Damian Nowak <damianx.nowak@intel.com>
2018-12-20 12:07:55 +00:00
* RTE_CRYPTO_HASH_AES_GMAC
crypto/aesni_mb: support plain SHA This patch adds the plain SHA1, SHA224, SHA256, SHA384, and SHA512 algorithms support to AESNI-MB PMD. The cryptodev unit test and documentation are updated accordingly. Signed-off-by: Damian Nowak <damianx.nowak@intel.com> Signed-off-by: Lukasz Krakowiak <lukaszx.krakowiak@intel.com> Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> Acked-by: Fiona Trahe <fiona.trahe@intel.com>
2018-12-20 12:22:15 +00:00
* RTE_CRYPTO_HASH_SHA1
* RTE_CRYPTO_HASH_SHA224
* RTE_CRYPTO_HASH_SHA256
* RTE_CRYPTO_HASH_SHA384
* RTE_CRYPTO_HASH_SHA512
aesni_mb: add driver for multi buffer based crypto This patch provides the initial implementation of the AES-NI multi-buffer based crypto poll mode driver using DPDK's new cryptodev framework. This PMD is dependent on Intel's multibuffer library, see the whitepaper "Fast Multi-buffer IPsec Implementations on Intel® Architecture Processors", see ref 1 for details on the library's design and ref 2 to download the library itself. This initial implementation is limited to supporting the chained operations of "hash then cipher" or "cipher then hash" for the following cipher and hash algorithms: Cipher algorithms: - RTE_CRYPTO_CIPHER_AES_CBC (with 128-bit, 192-bit and 256-bit keys supported) Authentication algorithms: - RTE_CRYPTO_AUTH_SHA1_HMAC - RTE_CRYPTO_AUTH_SHA256_HMAC - RTE_CRYPTO_AUTH_SHA512_HMAC - RTE_CRYPTO_AUTH_AES_XCBC_MAC Important Note: Due to the fact that the multi-buffer library is designed for accelerating IPsec crypto operation, the digest's generated for the HMAC functions are truncated to lengths specified by IPsec RFC's, ie RFC2404 for using HMAC-SHA-1 with IPsec specifies that the digest is truncate from 20 to 12 bytes. Build instructions: To build DPDK with the AESNI_MB_PMD the user is required to download (ref 2) and compile the multi-buffer library on there system before building DPDK. The environmental variable AESNI_MULTI_BUFFER_LIB_PATH must be exported with the path where you extracted and built the multi buffer library and finally set CONFIG_RTE_LIBRTE_PMD_AESNI_MB=y in config/common_linuxapp. Current status: It's doesn't support crypto operation across chained mbufs, or cipher only or hash only operations. ref 1: https://www-ssl.intel.com/content/www/us/en/intelligent-systems/intel-technology/fast-multi-buffer-ipsec-implementations-ia-processors-p ref 2: https://downloadcenter.intel.com/download/22972 Signed-off-by: Declan Doherty <declan.doherty@intel.com> Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
2015-11-25 13:25:15 +00:00
crypto/aesni_mb: support AES-CCM Add support to AES-CCM, for 128-bit keys. Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2017-12-19 15:34:30 +00:00
AEAD algorithms:
* RTE_CRYPTO_AEAD_AES_CCM
crypto/aesni_mb: support AES-GCM algorithm This patch updates the current AESNI-MB PMD with added AES-GCM algorithm support. The patch includes the necessary changes to the code including the capability update, control and data patch changes for the AES-GCM algorithm support. Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> Acked-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
2018-10-10 11:04:41 +00:00
* RTE_CRYPTO_AEAD_AES_GCM
crypto/aesni_mb: support AES-CCM Add support to AES-CCM, for 128-bit keys. Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2017-12-19 15:34:30 +00:00
crypto/aesni_mb: support DOCSIS protocol Add support to the AESNI-MB PMD for the DOCSIS protocol, through the rte_security API. This, therefore, includes adding support for the rte_security API to this PMD. Signed-off-by: David Coyle <david.coyle@intel.com> Signed-off-by: Mairtin o Loingsigh <mairtin.oloingsigh@intel.com> Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2020-07-03 12:39:29 +00:00
Protocol offloads:
* RTE_SECURITY_PROTOCOL_DOCSIS
aesni_mb: add driver for multi buffer based crypto This patch provides the initial implementation of the AES-NI multi-buffer based crypto poll mode driver using DPDK's new cryptodev framework. This PMD is dependent on Intel's multibuffer library, see the whitepaper "Fast Multi-buffer IPsec Implementations on Intel® Architecture Processors", see ref 1 for details on the library's design and ref 2 to download the library itself. This initial implementation is limited to supporting the chained operations of "hash then cipher" or "cipher then hash" for the following cipher and hash algorithms: Cipher algorithms: - RTE_CRYPTO_CIPHER_AES_CBC (with 128-bit, 192-bit and 256-bit keys supported) Authentication algorithms: - RTE_CRYPTO_AUTH_SHA1_HMAC - RTE_CRYPTO_AUTH_SHA256_HMAC - RTE_CRYPTO_AUTH_SHA512_HMAC - RTE_CRYPTO_AUTH_AES_XCBC_MAC Important Note: Due to the fact that the multi-buffer library is designed for accelerating IPsec crypto operation, the digest's generated for the HMAC functions are truncated to lengths specified by IPsec RFC's, ie RFC2404 for using HMAC-SHA-1 with IPsec specifies that the digest is truncate from 20 to 12 bytes. Build instructions: To build DPDK with the AESNI_MB_PMD the user is required to download (ref 2) and compile the multi-buffer library on there system before building DPDK. The environmental variable AESNI_MULTI_BUFFER_LIB_PATH must be exported with the path where you extracted and built the multi buffer library and finally set CONFIG_RTE_LIBRTE_PMD_AESNI_MB=y in config/common_linuxapp. Current status: It's doesn't support crypto operation across chained mbufs, or cipher only or hash only operations. ref 1: https://www-ssl.intel.com/content/www/us/en/intelligent-systems/intel-technology/fast-multi-buffer-ipsec-implementations-ia-processors-p ref 2: https://downloadcenter.intel.com/download/22972 Signed-off-by: Declan Doherty <declan.doherty@intel.com> Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
2015-11-25 13:25:15 +00:00
Limitations
-----------
* Chained mbufs are not supported.
crypto/aesni_mb: support DOCSIS protocol Add support to the AESNI-MB PMD for the DOCSIS protocol, through the rte_security API. This, therefore, includes adding support for the rte_security API to this PMD. Signed-off-by: David Coyle <david.coyle@intel.com> Signed-off-by: Mairtin o Loingsigh <mairtin.oloingsigh@intel.com> Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2020-07-03 12:39:29 +00:00
* Out-of-place is not supported for combined Crypto-CRC DOCSIS security
protocol.
* RTE_CRYPTO_CIPHER_DES_DOCSISBPI is not supported for combined Crypto-CRC
DOCSIS security protocol.
doc: remove incorrect limitation on AESNI-MB PMD AESNI MB PMD supports sessionless operations, but the documentation was stating that only operations with session were supported. Fixes: 924e84f87306 ("aesni_mb: add driver for multi buffer based crypto") Cc: stable@dpdk.org Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> Acked-by: Declan Doherty <declan.doherty@intel.com>
2017-07-13 05:36:48 +00:00
aesni_mb: add driver for multi buffer based crypto This patch provides the initial implementation of the AES-NI multi-buffer based crypto poll mode driver using DPDK's new cryptodev framework. This PMD is dependent on Intel's multibuffer library, see the whitepaper "Fast Multi-buffer IPsec Implementations on Intel® Architecture Processors", see ref 1 for details on the library's design and ref 2 to download the library itself. This initial implementation is limited to supporting the chained operations of "hash then cipher" or "cipher then hash" for the following cipher and hash algorithms: Cipher algorithms: - RTE_CRYPTO_CIPHER_AES_CBC (with 128-bit, 192-bit and 256-bit keys supported) Authentication algorithms: - RTE_CRYPTO_AUTH_SHA1_HMAC - RTE_CRYPTO_AUTH_SHA256_HMAC - RTE_CRYPTO_AUTH_SHA512_HMAC - RTE_CRYPTO_AUTH_AES_XCBC_MAC Important Note: Due to the fact that the multi-buffer library is designed for accelerating IPsec crypto operation, the digest's generated for the HMAC functions are truncated to lengths specified by IPsec RFC's, ie RFC2404 for using HMAC-SHA-1 with IPsec specifies that the digest is truncate from 20 to 12 bytes. Build instructions: To build DPDK with the AESNI_MB_PMD the user is required to download (ref 2) and compile the multi-buffer library on there system before building DPDK. The environmental variable AESNI_MULTI_BUFFER_LIB_PATH must be exported with the path where you extracted and built the multi buffer library and finally set CONFIG_RTE_LIBRTE_PMD_AESNI_MB=y in config/common_linuxapp. Current status: It's doesn't support crypto operation across chained mbufs, or cipher only or hash only operations. ref 1: https://www-ssl.intel.com/content/www/us/en/intelligent-systems/intel-technology/fast-multi-buffer-ipsec-implementations-ia-processors-p ref 2: https://downloadcenter.intel.com/download/22972 Signed-off-by: Declan Doherty <declan.doherty@intel.com> Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
2015-11-25 13:25:15 +00:00
Installation
------------
doc: clarify multi-buffer crypto library version support AES-NI MB PMD uses external Multi-Buffer library, which is hosted in github, but the version was not specified in the documentation. Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
2017-02-10 12:33:42 +00:00
To build DPDK with the AESNI_MB_PMD the user is required to download the multi-buffer
library from `here <https://github.com/01org/intel-ipsec-mb>`_
crypto/aesni_mb: update dependency in guide The Intel(R) Multi Buffer Crypto library used in the AESNI MB PMD has been moved to a new repository, in github. This patch updates the link where it can be downloaded. Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> Acked-by: John McNamara <john.mcnamara@intel.com>
2016-12-19 17:29:01 +00:00
and compile it on their user system before building DPDK.
doc: support IPsec Multi-buffer lib v0.54 Updated AESNI MB and AESNI GCM PMD documentation guides with information about the latest Intel IPSec Multi-buffer library supported. Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2020-04-17 22:00:37 +00:00
The latest version of the library supported by this PMD is v0.54, which
can be downloaded from `<https://github.com/01org/intel-ipsec-mb/archive/v0.54.zip>`_.
aesni_mb: add driver for multi buffer based crypto This patch provides the initial implementation of the AES-NI multi-buffer based crypto poll mode driver using DPDK's new cryptodev framework. This PMD is dependent on Intel's multibuffer library, see the whitepaper "Fast Multi-buffer IPsec Implementations on Intel® Architecture Processors", see ref 1 for details on the library's design and ref 2 to download the library itself. This initial implementation is limited to supporting the chained operations of "hash then cipher" or "cipher then hash" for the following cipher and hash algorithms: Cipher algorithms: - RTE_CRYPTO_CIPHER_AES_CBC (with 128-bit, 192-bit and 256-bit keys supported) Authentication algorithms: - RTE_CRYPTO_AUTH_SHA1_HMAC - RTE_CRYPTO_AUTH_SHA256_HMAC - RTE_CRYPTO_AUTH_SHA512_HMAC - RTE_CRYPTO_AUTH_AES_XCBC_MAC Important Note: Due to the fact that the multi-buffer library is designed for accelerating IPsec crypto operation, the digest's generated for the HMAC functions are truncated to lengths specified by IPsec RFC's, ie RFC2404 for using HMAC-SHA-1 with IPsec specifies that the digest is truncate from 20 to 12 bytes. Build instructions: To build DPDK with the AESNI_MB_PMD the user is required to download (ref 2) and compile the multi-buffer library on there system before building DPDK. The environmental variable AESNI_MULTI_BUFFER_LIB_PATH must be exported with the path where you extracted and built the multi buffer library and finally set CONFIG_RTE_LIBRTE_PMD_AESNI_MB=y in config/common_linuxapp. Current status: It's doesn't support crypto operation across chained mbufs, or cipher only or hash only operations. ref 1: https://www-ssl.intel.com/content/www/us/en/intelligent-systems/intel-technology/fast-multi-buffer-ipsec-implementations-ia-processors-p ref 2: https://downloadcenter.intel.com/download/22972 Signed-off-by: Declan Doherty <declan.doherty@intel.com> Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
2015-11-25 13:25:15 +00:00
.. code-block:: console
crypto/aesni_mb: support IPsec Multi-buffer lib v0.49 Adds support for the v0.49 of the IPsec Multi-buffer lib, which now gets compiled and installed as a shared object. Therefore, there is no need to pass the AESNI_MULTI_BUFFER_LIB_PATH Signed-off-by: Marko Kovacevic <marko.kovacevic@intel.com> Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2018-03-27 12:14:29 +00:00
make
make install
aesni_mb: add driver for multi buffer based crypto This patch provides the initial implementation of the AES-NI multi-buffer based crypto poll mode driver using DPDK's new cryptodev framework. This PMD is dependent on Intel's multibuffer library, see the whitepaper "Fast Multi-buffer IPsec Implementations on Intel® Architecture Processors", see ref 1 for details on the library's design and ref 2 to download the library itself. This initial implementation is limited to supporting the chained operations of "hash then cipher" or "cipher then hash" for the following cipher and hash algorithms: Cipher algorithms: - RTE_CRYPTO_CIPHER_AES_CBC (with 128-bit, 192-bit and 256-bit keys supported) Authentication algorithms: - RTE_CRYPTO_AUTH_SHA1_HMAC - RTE_CRYPTO_AUTH_SHA256_HMAC - RTE_CRYPTO_AUTH_SHA512_HMAC - RTE_CRYPTO_AUTH_AES_XCBC_MAC Important Note: Due to the fact that the multi-buffer library is designed for accelerating IPsec crypto operation, the digest's generated for the HMAC functions are truncated to lengths specified by IPsec RFC's, ie RFC2404 for using HMAC-SHA-1 with IPsec specifies that the digest is truncate from 20 to 12 bytes. Build instructions: To build DPDK with the AESNI_MB_PMD the user is required to download (ref 2) and compile the multi-buffer library on there system before building DPDK. The environmental variable AESNI_MULTI_BUFFER_LIB_PATH must be exported with the path where you extracted and built the multi buffer library and finally set CONFIG_RTE_LIBRTE_PMD_AESNI_MB=y in config/common_linuxapp. Current status: It's doesn't support crypto operation across chained mbufs, or cipher only or hash only operations. ref 1: https://www-ssl.intel.com/content/www/us/en/intelligent-systems/intel-technology/fast-multi-buffer-ipsec-implementations-ia-processors-p ref 2: https://downloadcenter.intel.com/download/22972 Signed-off-by: Declan Doherty <declan.doherty@intel.com> Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
2015-11-25 13:25:15 +00:00
doc: add NASM installation steps The intel-ipsec-mb library requires NASM as a dependency. Steps on how to get and install NASM are added on the documentation of the crypto PMDs which requires the library. Bugzilla ID: 417 Cc: stable@dpdk.org Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> Acked-by: Kevin Traynor <ktraynor@redhat.com>
2020-05-21 09:15:12 +00:00
The library requires NASM to be built. Depending on the library version, it might
require a minimum NASM version (e.g. v0.54 requires at least NASM 2.14).
NASM is packaged for different OS. However, on some OS the version is too old,
so a manual installation is required. In that case, NASM can be downloaded from
`NASM website <https://www.nasm.us/pub/nasm/releasebuilds/?C=M;O=D>`_.
Once it is downloaded, extract it and follow these steps:
.. code-block:: console
./configure
make
make install
doc: add build requirement in some crypto PMD guides The following crypto PMDs use the Intel Multi-buffer library: - AESNI MB PMD - AESNI GCM PMD - ZUC PMD - KASUMI PMD - SNOW3G PMD When this library is built with gcc < 5.0, it might throw some compilation issues. A workaround has been added in the repo of this library, so a note on this has been added to the documentation of these PMDs. Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> Acked-by: John McNamara <john.mcnamara@intel.com>
2020-02-17 17:12:55 +00:00
.. note::
Compilation of the Multi-Buffer library is broken when GCC < 5.0, if library <= v0.53.
If a lower GCC version than 5.0, the workaround proposed by the following link
should be used: `<https://github.com/intel/intel-ipsec-mb/issues/40>`_.
crypto/aesni_mb: support IPSec Multi-buffer lib v0.45 IPSec Multi-buffer library v0.45 has been released, which includes, among other features, support for DOCSIS BPI specification and include AVX512 optimizations. This new version added const qualifiers to some of the function prototypes, so the PMD has been updated to include these changes. Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> Acked-by: Declan Doherty <declan.doherty@intel.com>
2017-03-30 15:04:18 +00:00
As a reference, the following table shows a mapping between the past DPDK versions
and the Multi-Buffer library version supported by them:
.. _table_aesni_mb_versions:
.. table:: DPDK and Multi-Buffer library version compatibility
doc: update IPSec Multi-buffer lib versioning IPSec Multi-buffer library v0.47 has been released, which includes, among other features, support for DES-CBC and DES-DOCSIS. Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> Acked-by: John McNamara <john.mcnamara@intel.com>
2017-10-05 05:27:57 +00:00
============== ============================
DPDK version Multi-buffer library version
============== ============================
2.2 - 16.11 0.43 - 0.44
17.02 0.44
doc: update IPSec Multi-buffer lib versioning IPSec Multi-buffer library v0.48 has been released, which includes, among other features, support for AES-CCM. Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> Acked-by: Marko Kovacevic <marko.kovacevic@intel.com>
2017-12-19 09:27:55 +00:00
17.05 - 17.08 0.45 - 0.48
17.11 0.47 - 0.48
crypto/aesni_mb: support IPsec Multi-buffer lib v0.49 Adds support for the v0.49 of the IPsec Multi-buffer lib, which now gets compiled and installed as a shared object. Therefore, there is no need to pass the AESNI_MULTI_BUFFER_LIB_PATH Signed-off-by: Marko Kovacevic <marko.kovacevic@intel.com> Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2018-03-27 12:14:29 +00:00
18.02 0.48
crypto/aesni_mb: support newer library version only As stated in 19.02 deprecation notice, this patch updates the aesni_mb PMD to remove the support of older Intel-ipsec-mb library version earlier than 0.52. Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2019-03-25 13:58:35 +00:00
18.05 - 19.02 0.49 - 0.52
doc: support IPsec Multi-buffer lib v0.53 Updated AESNI MB and AESNI GCM PMD documentation guides with information about the latest Intel IPSec Multi-buffer library supported. Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2019-11-04 09:32:46 +00:00
19.05 - 19.08 0.52
doc: support IPsec Multi-buffer lib v0.54 Updated AESNI MB and AESNI GCM PMD documentation guides with information about the latest Intel IPSec Multi-buffer library supported. Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2020-04-17 22:00:37 +00:00
19.11+ 0.52 - 0.54
doc: update IPSec Multi-buffer lib versioning IPSec Multi-buffer library v0.47 has been released, which includes, among other features, support for DES-CBC and DES-DOCSIS. Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> Acked-by: John McNamara <john.mcnamara@intel.com>
2017-10-05 05:27:57 +00:00
============== ============================
crypto/aesni_mb: support IPSec Multi-buffer lib v0.45 IPSec Multi-buffer library v0.45 has been released, which includes, among other features, support for DOCSIS BPI specification and include AVX512 optimizations. This new version added const qualifiers to some of the function prototypes, so the PMD has been updated to include these changes. Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> Acked-by: Declan Doherty <declan.doherty@intel.com>
2017-03-30 15:04:18 +00:00
doc: add initialization section for crypto vdevs Explain how to create/initialize virtual crypto PMDs, through command line and within an application. Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2016-04-04 13:14:37 +00:00
Initialization
--------------
In order to enable this virtual crypto PMD, user must:
* Build the multi buffer library (explained in Installation section).
* Set CONFIG_RTE_LIBRTE_PMD_AESNI_MB=y in config/common_base.
To use the PMD in an application, user must:
vdev: remove eal prefix The VDEV code will move to the bus drivers directory. Rename functions from rte_eal_vdev_ to rte_vdev_ to prepare the move of the driver out of EAL. The prefix rte_eal_vdrv_ is also renamed to rte_vdev_. It was used for registration of vdev drivers. Signed-off-by: Thomas Monjalon <thomas@monjalon.net> Acked-by: Stephen Hemminger <stephen@networkplumber.org>
2017-05-04 16:01:19 +00:00
* Call rte_vdev_init("crypto_aesni_mb") within the application.
doc: add initialization section for crypto vdevs Explain how to create/initialize virtual crypto PMDs, through command line and within an application. Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2016-04-04 13:14:37 +00:00
vdev: remove eal prefix The VDEV code will move to the bus drivers directory. Rename functions from rte_eal_vdev_ to rte_vdev_ to prepare the move of the driver out of EAL. The prefix rte_eal_vdrv_ is also renamed to rte_vdev_. It was used for registration of vdev drivers. Signed-off-by: Thomas Monjalon <thomas@monjalon.net> Acked-by: Stephen Hemminger <stephen@networkplumber.org>
2017-05-04 16:01:19 +00:00
* Use --vdev="crypto_aesni_mb" in the EAL options, which will call rte_vdev_init() internally.
doc: add initialization section for crypto vdevs Explain how to create/initialize virtual crypto PMDs, through command line and within an application. Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2016-04-04 13:14:37 +00:00
The following parameters (all optional) can be provided in the previous two calls:
* socket_id: Specify the socket where the memory for the device is going to be allocated
(by default, socket_id will be the socket where the core that is creating the PMD is running on).
* max_nb_queue_pairs: Specify the maximum number of queue pairs in the device (8 by default).
* max_nb_sessions: Specify the maximum number of sessions that can be created (2048 by default).
Example:
.. code-block:: console
doc: complete crypto sample command line Documentation of some virtual crypto PMDs have a sample command line to show how to initialize the device on a specific application, L2fwd-crypto. This was meant to be used as a reference, but these lines themselves do not work, as the sample application used required more parameters, which are added in this commit to have a fully functional example. Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> Acked-by: John McNamara <john.mcnamara@intel.com>
2017-07-26 00:59:59 +00:00
./l2fwd-crypto -l 1 -n 4 --vdev="crypto_aesni_mb,socket_id=0,max_nb_sessions=128" \
-- -p 1 --cdev SW --chain CIPHER_HASH --cipher_algo "aes-cbc" --auth_algo "sha1-hmac"
crypto/aesni_mb: support IPSec Multi-buffer lib v0.46 IPSec Multi-buffer library v0.46 has been released, which includes, among othe features, support for 12-byte IV, for AES-CTR, keeping also the previous 16-byte IV, for backward compatibility reasons. Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> Acked-by: Declan Doherty <declan.doherty@intel.com>
2017-07-02 02:55:05 +00:00
Extra notes
-----------
For AES Counter mode (AES-CTR), the library supports two different sizes for Initialization
Vector (IV):
doc: fix spelling reported by aspell in guides Fix spelling errors in the guide docs. Signed-off-by: John McNamara <john.mcnamara@intel.com> Acked-by: Rami Rosen <ramirose@gmail.com>
2019-04-26 15:14:21 +00:00
* 12 bytes: used mainly for IPsec, as it requires 12 bytes from the user, which internally
crypto/aesni_mb: support IPSec Multi-buffer lib v0.46 IPSec Multi-buffer library v0.46 has been released, which includes, among othe features, support for 12-byte IV, for AES-CTR, keeping also the previous 16-byte IV, for backward compatibility reasons. Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> Acked-by: Declan Doherty <declan.doherty@intel.com>
2017-07-02 02:55:05 +00:00
are appended the counter block (4 bytes), which is set to 1 for the first block
(no padding required from the user)
* 16 bytes: when passing 16 bytes, the library will take them and use the last 4 bytes
as the initial counter block for the first block.
Reference in New Issue Copy Permalink