d/numam-dpdk
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
f262f16087
numam-dpdk/doc/guides/cryptodevs/aesni_mb.rst

195 lines
6.4 KiB
ReStructuredText
Raw Normal View History

doc: convert Intel license headers to SPDX tags Signed-off-by: Ferruh Yigit <ferruh.yigit@intel.com> Acked-by: Bruce Richardson <bruce.richardson@intel.com>
2018-02-01 17:18:17 +00:00
.. SPDX-License-Identifier: BSD-3-Clause
doc: fix AESNI_MB guide This patch fixes the incorrect intel multi buffer library support version and missed limitation of GCM algorithm support. Fixes: 0e9f8507afcb ("crypto/aesni_mb: support AES-GCM algorithm") Cc: stable@dpdk.org Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2019-01-09 12:11:12 +00:00
Copyright(c) 2015-2018 Intel Corporation.
aesni_mb: add driver for multi buffer based crypto This patch provides the initial implementation of the AES-NI multi-buffer based crypto poll mode driver using DPDK's new cryptodev framework. This PMD is dependent on Intel's multibuffer library, see the whitepaper "Fast Multi-buffer IPsec Implementations on Intel® Architecture Processors", see ref 1 for details on the library's design and ref 2 to download the library itself. This initial implementation is limited to supporting the chained operations of "hash then cipher" or "cipher then hash" for the following cipher and hash algorithms: Cipher algorithms: - RTE_CRYPTO_CIPHER_AES_CBC (with 128-bit, 192-bit and 256-bit keys supported) Authentication algorithms: - RTE_CRYPTO_AUTH_SHA1_HMAC - RTE_CRYPTO_AUTH_SHA256_HMAC - RTE_CRYPTO_AUTH_SHA512_HMAC - RTE_CRYPTO_AUTH_AES_XCBC_MAC Important Note: Due to the fact that the multi-buffer library is designed for accelerating IPsec crypto operation, the digest's generated for the HMAC functions are truncated to lengths specified by IPsec RFC's, ie RFC2404 for using HMAC-SHA-1 with IPsec specifies that the digest is truncate from 20 to 12 bytes. Build instructions: To build DPDK with the AESNI_MB_PMD the user is required to download (ref 2) and compile the multi-buffer library on there system before building DPDK. The environmental variable AESNI_MULTI_BUFFER_LIB_PATH must be exported with the path where you extracted and built the multi buffer library and finally set CONFIG_RTE_LIBRTE_PMD_AESNI_MB=y in config/common_linuxapp. Current status: It's doesn't support crypto operation across chained mbufs, or cipher only or hash only operations. ref 1: https://www-ssl.intel.com/content/www/us/en/intelligent-systems/intel-technology/fast-multi-buffer-ipsec-implementations-ia-processors-p ref 2: https://downloadcenter.intel.com/download/22972 Signed-off-by: Declan Doherty <declan.doherty@intel.com> Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
2015-11-25 13:25:15 +00:00
doc: support IPsec Multi-buffer lib v1.3 Updated AESNI MB and AESNI GCM, KASUMI, ZUC, SNOW3G and CHACHA20_POLY1305 PMD documentation guides with information about the latest Intel IPsec Multi-buffer library supported. Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> Acked-by: Ciara Power <ciara.power@intel.com> Acked-by: Brian Dooley <brian.dooley@intel.com> Signed-off-by: Kai Ji <kai.ji@intel.com>
2022-11-21 16:35:17 +00:00
AES-NI Multi Buffer Crypto Poll Mode Driver
===========================================
aesni_mb: add driver for multi buffer based crypto This patch provides the initial implementation of the AES-NI multi-buffer based crypto poll mode driver using DPDK's new cryptodev framework. This PMD is dependent on Intel's multibuffer library, see the whitepaper "Fast Multi-buffer IPsec Implementations on Intel® Architecture Processors", see ref 1 for details on the library's design and ref 2 to download the library itself. This initial implementation is limited to supporting the chained operations of "hash then cipher" or "cipher then hash" for the following cipher and hash algorithms: Cipher algorithms: - RTE_CRYPTO_CIPHER_AES_CBC (with 128-bit, 192-bit and 256-bit keys supported) Authentication algorithms: - RTE_CRYPTO_AUTH_SHA1_HMAC - RTE_CRYPTO_AUTH_SHA256_HMAC - RTE_CRYPTO_AUTH_SHA512_HMAC - RTE_CRYPTO_AUTH_AES_XCBC_MAC Important Note: Due to the fact that the multi-buffer library is designed for accelerating IPsec crypto operation, the digest's generated for the HMAC functions are truncated to lengths specified by IPsec RFC's, ie RFC2404 for using HMAC-SHA-1 with IPsec specifies that the digest is truncate from 20 to 12 bytes. Build instructions: To build DPDK with the AESNI_MB_PMD the user is required to download (ref 2) and compile the multi-buffer library on there system before building DPDK. The environmental variable AESNI_MULTI_BUFFER_LIB_PATH must be exported with the path where you extracted and built the multi buffer library and finally set CONFIG_RTE_LIBRTE_PMD_AESNI_MB=y in config/common_linuxapp. Current status: It's doesn't support crypto operation across chained mbufs, or cipher only or hash only operations. ref 1: https://www-ssl.intel.com/content/www/us/en/intelligent-systems/intel-technology/fast-multi-buffer-ipsec-implementations-ia-processors-p ref 2: https://downloadcenter.intel.com/download/22972 Signed-off-by: Declan Doherty <declan.doherty@intel.com> Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
2015-11-25 13:25:15 +00:00
doc: fix driver names Since the built driver filenames have changed in DPDK 20.11, we need to update the driver doc to match. Most drivers start their section with the driver filename highlighted in bold, while a number were missing the highlight. When updating the names, add the markers for bold text to any missing it, so as to have things more consistent. Fixes: a20b2c01a7a1 ("build: standardize component names and defines") Signed-off-by: Bruce Richardson <bruce.richardson@intel.com> Reviewed-by: David Marchand <david.marchand@redhat.com> Reviewed-by: Rosen Xu <rosen.xu@intel.com> Acked-by: Ajit Khaparde <ajit.khaparde@broadcom.com>
2020-11-03 12:36:02 +00:00
The AESNI MB PMD (**librte_crypto_aesni_mb**) provides poll mode crypto driver
doc: fix spellings Fix various spellings in rst docs. Signed-off-by: John McNamara <john.mcnamara@intel.com> Acked-by: Harry van Haaren <harry.van.haaren@intel.com>
2015-12-15 09:38:59 +00:00
support for utilizing Intel multi buffer library, see the white paper
aesni_mb: add driver for multi buffer based crypto This patch provides the initial implementation of the AES-NI multi-buffer based crypto poll mode driver using DPDK's new cryptodev framework. This PMD is dependent on Intel's multibuffer library, see the whitepaper "Fast Multi-buffer IPsec Implementations on Intel® Architecture Processors", see ref 1 for details on the library's design and ref 2 to download the library itself. This initial implementation is limited to supporting the chained operations of "hash then cipher" or "cipher then hash" for the following cipher and hash algorithms: Cipher algorithms: - RTE_CRYPTO_CIPHER_AES_CBC (with 128-bit, 192-bit and 256-bit keys supported) Authentication algorithms: - RTE_CRYPTO_AUTH_SHA1_HMAC - RTE_CRYPTO_AUTH_SHA256_HMAC - RTE_CRYPTO_AUTH_SHA512_HMAC - RTE_CRYPTO_AUTH_AES_XCBC_MAC Important Note: Due to the fact that the multi-buffer library is designed for accelerating IPsec crypto operation, the digest's generated for the HMAC functions are truncated to lengths specified by IPsec RFC's, ie RFC2404 for using HMAC-SHA-1 with IPsec specifies that the digest is truncate from 20 to 12 bytes. Build instructions: To build DPDK with the AESNI_MB_PMD the user is required to download (ref 2) and compile the multi-buffer library on there system before building DPDK. The environmental variable AESNI_MULTI_BUFFER_LIB_PATH must be exported with the path where you extracted and built the multi buffer library and finally set CONFIG_RTE_LIBRTE_PMD_AESNI_MB=y in config/common_linuxapp. Current status: It's doesn't support crypto operation across chained mbufs, or cipher only or hash only operations. ref 1: https://www-ssl.intel.com/content/www/us/en/intelligent-systems/intel-technology/fast-multi-buffer-ipsec-implementations-ia-processors-p ref 2: https://downloadcenter.intel.com/download/22972 Signed-off-by: Declan Doherty <declan.doherty@intel.com> Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
2015-11-25 13:25:15 +00:00
`Fast Multi-buffer IPsec Implementations on Intel® Architecture Processors
doc: fix outdated link to IPsec white paper Fixes: 924e84f87306 ("aesni_mb: add driver for multi buffer based crypto") Cc: stable@dpdk.org Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2018-02-14 17:14:06 +00:00
<https://www.intel.com/content/dam/www/public/us/en/documents/white-papers/fast-multi-buffer-ipsec-implementations-ia-processors-paper.pdf>`_.
aesni_mb: add driver for multi buffer based crypto This patch provides the initial implementation of the AES-NI multi-buffer based crypto poll mode driver using DPDK's new cryptodev framework. This PMD is dependent on Intel's multibuffer library, see the whitepaper "Fast Multi-buffer IPsec Implementations on Intel® Architecture Processors", see ref 1 for details on the library's design and ref 2 to download the library itself. This initial implementation is limited to supporting the chained operations of "hash then cipher" or "cipher then hash" for the following cipher and hash algorithms: Cipher algorithms: - RTE_CRYPTO_CIPHER_AES_CBC (with 128-bit, 192-bit and 256-bit keys supported) Authentication algorithms: - RTE_CRYPTO_AUTH_SHA1_HMAC - RTE_CRYPTO_AUTH_SHA256_HMAC - RTE_CRYPTO_AUTH_SHA512_HMAC - RTE_CRYPTO_AUTH_AES_XCBC_MAC Important Note: Due to the fact that the multi-buffer library is designed for accelerating IPsec crypto operation, the digest's generated for the HMAC functions are truncated to lengths specified by IPsec RFC's, ie RFC2404 for using HMAC-SHA-1 with IPsec specifies that the digest is truncate from 20 to 12 bytes. Build instructions: To build DPDK with the AESNI_MB_PMD the user is required to download (ref 2) and compile the multi-buffer library on there system before building DPDK. The environmental variable AESNI_MULTI_BUFFER_LIB_PATH must be exported with the path where you extracted and built the multi buffer library and finally set CONFIG_RTE_LIBRTE_PMD_AESNI_MB=y in config/common_linuxapp. Current status: It's doesn't support crypto operation across chained mbufs, or cipher only or hash only operations. ref 1: https://www-ssl.intel.com/content/www/us/en/intelligent-systems/intel-technology/fast-multi-buffer-ipsec-implementations-ia-processors-p ref 2: https://downloadcenter.intel.com/download/22972 Signed-off-by: Declan Doherty <declan.doherty@intel.com> Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
2015-11-25 13:25:15 +00:00
crypto/aesni_mb: support CPU crypto Add support for CPU crypto mode by introducing required handler. Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com> Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2020-04-17 15:03:48 +00:00
The AES-NI MB PMD supports synchronous mode of operation with
``rte_cryptodev_sym_cpu_crypto_process`` function call.
aesni_mb: add driver for multi buffer based crypto This patch provides the initial implementation of the AES-NI multi-buffer based crypto poll mode driver using DPDK's new cryptodev framework. This PMD is dependent on Intel's multibuffer library, see the whitepaper "Fast Multi-buffer IPsec Implementations on Intel® Architecture Processors", see ref 1 for details on the library's design and ref 2 to download the library itself. This initial implementation is limited to supporting the chained operations of "hash then cipher" or "cipher then hash" for the following cipher and hash algorithms: Cipher algorithms: - RTE_CRYPTO_CIPHER_AES_CBC (with 128-bit, 192-bit and 256-bit keys supported) Authentication algorithms: - RTE_CRYPTO_AUTH_SHA1_HMAC - RTE_CRYPTO_AUTH_SHA256_HMAC - RTE_CRYPTO_AUTH_SHA512_HMAC - RTE_CRYPTO_AUTH_AES_XCBC_MAC Important Note: Due to the fact that the multi-buffer library is designed for accelerating IPsec crypto operation, the digest's generated for the HMAC functions are truncated to lengths specified by IPsec RFC's, ie RFC2404 for using HMAC-SHA-1 with IPsec specifies that the digest is truncate from 20 to 12 bytes. Build instructions: To build DPDK with the AESNI_MB_PMD the user is required to download (ref 2) and compile the multi-buffer library on there system before building DPDK. The environmental variable AESNI_MULTI_BUFFER_LIB_PATH must be exported with the path where you extracted and built the multi buffer library and finally set CONFIG_RTE_LIBRTE_PMD_AESNI_MB=y in config/common_linuxapp. Current status: It's doesn't support crypto operation across chained mbufs, or cipher only or hash only operations. ref 1: https://www-ssl.intel.com/content/www/us/en/intelligent-systems/intel-technology/fast-multi-buffer-ipsec-implementations-ia-processors-p ref 2: https://downloadcenter.intel.com/download/22972 Signed-off-by: Declan Doherty <declan.doherty@intel.com> Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
2015-11-25 13:25:15 +00:00
Features
--------
AESNI MB PMD has support for:
Cipher algorithms:
doc: fix names of supported crypto algorithms Update documentation with correct names of supported algorithms. Fixes: 1703e94ac5cee ("qat: add driver for QuickAssist devices") Fixes: 3aafc423cf4d ("snow3g: add driver for SNOW 3G library") Fixes: 924e84f87306 ("aesni_mb: add driver for multi buffer based crypto") Fixes: 2773c86d061a ("crypto/kasumi: add driver for KASUMI library") Signed-off-by: Deepak Kumar Jain <deepak.k.jain@intel.com> Acked-by: Fiona Trahe <fiona.trahe@intel.com>
2016-09-19 11:14:52 +00:00
* RTE_CRYPTO_CIPHER_AES128_CBC
* RTE_CRYPTO_CIPHER_AES192_CBC
* RTE_CRYPTO_CIPHER_AES256_CBC
* RTE_CRYPTO_CIPHER_AES128_CTR
* RTE_CRYPTO_CIPHER_AES192_CTR
* RTE_CRYPTO_CIPHER_AES256_CTR
crypto/aesni_mb: support AES DOCSIS BPI Underlying IPSec Multi buffer library implements DOCSIS specification, so this commit adds support for this new feature, which combines AES-CBC for full AES blocks (16 bytes) and AES-CFB for last runt block (less than 16 bytes). Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> Acked-by: Declan Doherty <declan.doherty@intel.com>
2017-02-23 15:06:29 +00:00
* RTE_CRYPTO_CIPHER_AES_DOCSISBPI
crypto/aesni_mb: support DES The Multi-buffer library now supports DES-CBC and DES-DOCSISBPI algorithms, so this commit extends adds support for them in the PMD. Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> Acked-by: Fan Zhang <roy.fan.zhang@intel.com> Reviewed-by: Radu Nicolau <radu.nicolau@intel.com>
2017-10-05 05:27:58 +00:00
* RTE_CRYPTO_CIPHER_DES_CBC
crypto/aesni_mb: support 3DES Added support for 3DES cipher algorithm which will support 8, 16 and 24 byte keys, which also has been added in the v0.50 of the IPSec Multi-buffer lib. Signed-off-by: Marko Kovacevic <marko.kovacevic@intel.com> Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2018-06-08 09:10:01 +00:00
* RTE_CRYPTO_CIPHER_3DES_CBC
crypto/aesni_mb: support DES The Multi-buffer library now supports DES-CBC and DES-DOCSISBPI algorithms, so this commit extends adds support for them in the PMD. Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> Acked-by: Fan Zhang <roy.fan.zhang@intel.com> Reviewed-by: Radu Nicolau <radu.nicolau@intel.com>
2017-10-05 05:27:58 +00:00
* RTE_CRYPTO_CIPHER_DES_DOCSISBPI
crypto/aesni_mb: support AES-ECB This patch adds AES-ECB 128, 192 and 256 support to the aesni_mb PMD. AES-ECB 128, 192 and 256 test vectors added to cryptodev tests. Signed-off-by: Marcel Cornu <marcel.d.cornu@intel.com> Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2020-09-11 15:49:26 +00:00
* RTE_CRYPTO_CIPHER_AES128_ECB
* RTE_CRYPTO_CIPHER_AES192_ECB
* RTE_CRYPTO_CIPHER_AES256_ECB
crypto/aesni_mb: support ZUC-EEA3/EIA3 Add support for ZUC-EEA3/EIA3 algorithms through the intel-ipsec-mb job API, allowing the mix of these algorithms with others. Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2020-10-09 11:29:52 +00:00
* RTE_CRYPTO_CIPHER_ZUC_EEA3
crypto/aesni_mb: support SNOW3G-UEA2/UIA2 Add support for SNOW3G-UEA2/UIA2 algorithms through the intel-ipsec-mb job API, allowing the mix of these algorithms with others. Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2020-10-09 11:29:53 +00:00
* RTE_CRYPTO_CIPHER_SNOW3G_UEA2
crypto/aesni_mb: support KASUMI F8/F9 Add support for KASUMI-F8/F9 algorithms through the intel-ipsec-mb job API, allowing the mix of these algorithms with others. Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2020-10-09 11:29:54 +00:00
* RTE_CRYPTO_CIPHER_KASUMI_F8
aesni_mb: add driver for multi buffer based crypto This patch provides the initial implementation of the AES-NI multi-buffer based crypto poll mode driver using DPDK's new cryptodev framework. This PMD is dependent on Intel's multibuffer library, see the whitepaper "Fast Multi-buffer IPsec Implementations on Intel® Architecture Processors", see ref 1 for details on the library's design and ref 2 to download the library itself. This initial implementation is limited to supporting the chained operations of "hash then cipher" or "cipher then hash" for the following cipher and hash algorithms: Cipher algorithms: - RTE_CRYPTO_CIPHER_AES_CBC (with 128-bit, 192-bit and 256-bit keys supported) Authentication algorithms: - RTE_CRYPTO_AUTH_SHA1_HMAC - RTE_CRYPTO_AUTH_SHA256_HMAC - RTE_CRYPTO_AUTH_SHA512_HMAC - RTE_CRYPTO_AUTH_AES_XCBC_MAC Important Note: Due to the fact that the multi-buffer library is designed for accelerating IPsec crypto operation, the digest's generated for the HMAC functions are truncated to lengths specified by IPsec RFC's, ie RFC2404 for using HMAC-SHA-1 with IPsec specifies that the digest is truncate from 20 to 12 bytes. Build instructions: To build DPDK with the AESNI_MB_PMD the user is required to download (ref 2) and compile the multi-buffer library on there system before building DPDK. The environmental variable AESNI_MULTI_BUFFER_LIB_PATH must be exported with the path where you extracted and built the multi buffer library and finally set CONFIG_RTE_LIBRTE_PMD_AESNI_MB=y in config/common_linuxapp. Current status: It's doesn't support crypto operation across chained mbufs, or cipher only or hash only operations. ref 1: https://www-ssl.intel.com/content/www/us/en/intelligent-systems/intel-technology/fast-multi-buffer-ipsec-implementations-ia-processors-p ref 2: https://downloadcenter.intel.com/download/22972 Signed-off-by: Declan Doherty <declan.doherty@intel.com> Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
2015-11-25 13:25:15 +00:00
Hash algorithms:
crypto/aesni_mb: support ZUC-EEA3/EIA3 Add support for ZUC-EEA3/EIA3 algorithms through the intel-ipsec-mb job API, allowing the mix of these algorithms with others. Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2020-10-09 11:29:52 +00:00
* RTE_CRYPTO_AUTH_MD5_HMAC
* RTE_CRYPTO_AUTH_SHA1_HMAC
* RTE_CRYPTO_AUTH_SHA224_HMAC
* RTE_CRYPTO_AUTH_SHA256_HMAC
* RTE_CRYPTO_AUTH_SHA384_HMAC
* RTE_CRYPTO_AUTH_SHA512_HMAC
* RTE_CRYPTO_AUTH_AES_XCBC_HMAC
* RTE_CRYPTO_AUTH_AES_CMAC
* RTE_CRYPTO_AUTH_AES_GMAC
* RTE_CRYPTO_AUTH_SHA1
* RTE_CRYPTO_AUTH_SHA224
* RTE_CRYPTO_AUTH_SHA256
* RTE_CRYPTO_AUTH_SHA384
* RTE_CRYPTO_AUTH_SHA512
* RTE_CRYPTO_AUTH_ZUC_EIA3
crypto/aesni_mb: support SNOW3G-UEA2/UIA2 Add support for SNOW3G-UEA2/UIA2 algorithms through the intel-ipsec-mb job API, allowing the mix of these algorithms with others. Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2020-10-09 11:29:53 +00:00
* RTE_CRYPTO_AUTH_SNOW3G_UIA2
crypto/aesni_mb: support KASUMI F8/F9 Add support for KASUMI-F8/F9 algorithms through the intel-ipsec-mb job API, allowing the mix of these algorithms with others. Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2020-10-09 11:29:54 +00:00
* RTE_CRYPTO_AUTH_KASUMI_F9
aesni_mb: add driver for multi buffer based crypto This patch provides the initial implementation of the AES-NI multi-buffer based crypto poll mode driver using DPDK's new cryptodev framework. This PMD is dependent on Intel's multibuffer library, see the whitepaper "Fast Multi-buffer IPsec Implementations on Intel® Architecture Processors", see ref 1 for details on the library's design and ref 2 to download the library itself. This initial implementation is limited to supporting the chained operations of "hash then cipher" or "cipher then hash" for the following cipher and hash algorithms: Cipher algorithms: - RTE_CRYPTO_CIPHER_AES_CBC (with 128-bit, 192-bit and 256-bit keys supported) Authentication algorithms: - RTE_CRYPTO_AUTH_SHA1_HMAC - RTE_CRYPTO_AUTH_SHA256_HMAC - RTE_CRYPTO_AUTH_SHA512_HMAC - RTE_CRYPTO_AUTH_AES_XCBC_MAC Important Note: Due to the fact that the multi-buffer library is designed for accelerating IPsec crypto operation, the digest's generated for the HMAC functions are truncated to lengths specified by IPsec RFC's, ie RFC2404 for using HMAC-SHA-1 with IPsec specifies that the digest is truncate from 20 to 12 bytes. Build instructions: To build DPDK with the AESNI_MB_PMD the user is required to download (ref 2) and compile the multi-buffer library on there system before building DPDK. The environmental variable AESNI_MULTI_BUFFER_LIB_PATH must be exported with the path where you extracted and built the multi buffer library and finally set CONFIG_RTE_LIBRTE_PMD_AESNI_MB=y in config/common_linuxapp. Current status: It's doesn't support crypto operation across chained mbufs, or cipher only or hash only operations. ref 1: https://www-ssl.intel.com/content/www/us/en/intelligent-systems/intel-technology/fast-multi-buffer-ipsec-implementations-ia-processors-p ref 2: https://downloadcenter.intel.com/download/22972 Signed-off-by: Declan Doherty <declan.doherty@intel.com> Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
2015-11-25 13:25:15 +00:00
crypto/aesni_mb: support AES-CCM Add support to AES-CCM, for 128-bit keys. Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2017-12-19 15:34:30 +00:00
AEAD algorithms:
* RTE_CRYPTO_AEAD_AES_CCM
crypto/aesni_mb: support AES-GCM algorithm This patch updates the current AESNI-MB PMD with added AES-GCM algorithm support. The patch includes the necessary changes to the code including the capability update, control and data patch changes for the AES-GCM algorithm support. Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> Acked-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
2018-10-10 11:04:41 +00:00
* RTE_CRYPTO_AEAD_AES_GCM
crypto/aesni_mb: support Chacha20-Poly1305 Add support for Chacha20-Poly1305 AEAD algorithm. Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2020-10-09 12:05:21 +00:00
* RTE_CRYPTO_AEAD_CHACHA20_POLY1305
crypto/aesni_mb: support AES-CCM Add support to AES-CCM, for 128-bit keys. Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2017-12-19 15:34:30 +00:00
crypto/aesni_mb: support DOCSIS protocol Add support to the AESNI-MB PMD for the DOCSIS protocol, through the rte_security API. This, therefore, includes adding support for the rte_security API to this PMD. Signed-off-by: David Coyle <david.coyle@intel.com> Signed-off-by: Mairtin o Loingsigh <mairtin.oloingsigh@intel.com> Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2020-07-03 12:39:29 +00:00
Protocol offloads:
* RTE_SECURITY_PROTOCOL_DOCSIS
aesni_mb: add driver for multi buffer based crypto This patch provides the initial implementation of the AES-NI multi-buffer based crypto poll mode driver using DPDK's new cryptodev framework. This PMD is dependent on Intel's multibuffer library, see the whitepaper "Fast Multi-buffer IPsec Implementations on Intel® Architecture Processors", see ref 1 for details on the library's design and ref 2 to download the library itself. This initial implementation is limited to supporting the chained operations of "hash then cipher" or "cipher then hash" for the following cipher and hash algorithms: Cipher algorithms: - RTE_CRYPTO_CIPHER_AES_CBC (with 128-bit, 192-bit and 256-bit keys supported) Authentication algorithms: - RTE_CRYPTO_AUTH_SHA1_HMAC - RTE_CRYPTO_AUTH_SHA256_HMAC - RTE_CRYPTO_AUTH_SHA512_HMAC - RTE_CRYPTO_AUTH_AES_XCBC_MAC Important Note: Due to the fact that the multi-buffer library is designed for accelerating IPsec crypto operation, the digest's generated for the HMAC functions are truncated to lengths specified by IPsec RFC's, ie RFC2404 for using HMAC-SHA-1 with IPsec specifies that the digest is truncate from 20 to 12 bytes. Build instructions: To build DPDK with the AESNI_MB_PMD the user is required to download (ref 2) and compile the multi-buffer library on there system before building DPDK. The environmental variable AESNI_MULTI_BUFFER_LIB_PATH must be exported with the path where you extracted and built the multi buffer library and finally set CONFIG_RTE_LIBRTE_PMD_AESNI_MB=y in config/common_linuxapp. Current status: It's doesn't support crypto operation across chained mbufs, or cipher only or hash only operations. ref 1: https://www-ssl.intel.com/content/www/us/en/intelligent-systems/intel-technology/fast-multi-buffer-ipsec-implementations-ia-processors-p ref 2: https://downloadcenter.intel.com/download/22972 Signed-off-by: Declan Doherty <declan.doherty@intel.com> Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
2015-11-25 13:25:15 +00:00
Limitations
-----------
crypto/aesni_mb: support DOCSIS protocol Add support to the AESNI-MB PMD for the DOCSIS protocol, through the rte_security API. This, therefore, includes adding support for the rte_security API to this PMD. Signed-off-by: David Coyle <david.coyle@intel.com> Signed-off-by: Mairtin o Loingsigh <mairtin.oloingsigh@intel.com> Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2020-07-03 12:39:29 +00:00
* Out-of-place is not supported for combined Crypto-CRC DOCSIS security
protocol.
* RTE_CRYPTO_CIPHER_DES_DOCSISBPI is not supported for combined Crypto-CRC
DOCSIS security protocol.
doc: remove incorrect limitation on AESNI-MB PMD AESNI MB PMD supports sessionless operations, but the documentation was stating that only operations with session were supported. Fixes: 924e84f87306 ("aesni_mb: add driver for multi buffer based crypto") Cc: stable@dpdk.org Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> Acked-by: Declan Doherty <declan.doherty@intel.com>
2017-07-13 05:36:48 +00:00
doc: support IPsec Multi-buffer lib v1.3 Updated AESNI MB and AESNI GCM, KASUMI, ZUC, SNOW3G and CHACHA20_POLY1305 PMD documentation guides with information about the latest Intel IPsec Multi-buffer library supported. Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> Acked-by: Ciara Power <ciara.power@intel.com> Acked-by: Brian Dooley <brian.dooley@intel.com> Signed-off-by: Kai Ji <kai.ji@intel.com>
2022-11-21 16:35:17 +00:00
AESNI MB PMD selection over SNOW3G/ZUC/KASUMI PMDs
--------------------------------------------------
This PMD supports wireless cipher suite (SNOW3G, ZUC and KASUMI).
On Intel processors, it is recommended to use this PMD
instead of SNOW3G, ZUC and KASUMI PMDs, as it enables algorithm mixing
(e.g. cipher algorithm SNOW3G-UEA2 with authentication algorithm AES-CMAC-128)
and performance over IMIX (packet size mix) traffic is significantly higher.
AESNI MB PMD selection over CHACHA20-POLY1305 PMD
-------------------------------------------------
This PMD supports Chacha20-Poly1305 algorithm.
On Intel processors, it is recommended to use this PMD instead of CHACHA20-POLY1305 PMD,
as it delivers better performance on single segment buffers.
For multi-segment buffers, it is still recommended to use CHACHA20-POLY1305 PMD,
until the new SGL API is introduced in the AESNI MB PMD.
aesni_mb: add driver for multi buffer based crypto This patch provides the initial implementation of the AES-NI multi-buffer based crypto poll mode driver using DPDK's new cryptodev framework. This PMD is dependent on Intel's multibuffer library, see the whitepaper "Fast Multi-buffer IPsec Implementations on Intel® Architecture Processors", see ref 1 for details on the library's design and ref 2 to download the library itself. This initial implementation is limited to supporting the chained operations of "hash then cipher" or "cipher then hash" for the following cipher and hash algorithms: Cipher algorithms: - RTE_CRYPTO_CIPHER_AES_CBC (with 128-bit, 192-bit and 256-bit keys supported) Authentication algorithms: - RTE_CRYPTO_AUTH_SHA1_HMAC - RTE_CRYPTO_AUTH_SHA256_HMAC - RTE_CRYPTO_AUTH_SHA512_HMAC - RTE_CRYPTO_AUTH_AES_XCBC_MAC Important Note: Due to the fact that the multi-buffer library is designed for accelerating IPsec crypto operation, the digest's generated for the HMAC functions are truncated to lengths specified by IPsec RFC's, ie RFC2404 for using HMAC-SHA-1 with IPsec specifies that the digest is truncate from 20 to 12 bytes. Build instructions: To build DPDK with the AESNI_MB_PMD the user is required to download (ref 2) and compile the multi-buffer library on there system before building DPDK. The environmental variable AESNI_MULTI_BUFFER_LIB_PATH must be exported with the path where you extracted and built the multi buffer library and finally set CONFIG_RTE_LIBRTE_PMD_AESNI_MB=y in config/common_linuxapp. Current status: It's doesn't support crypto operation across chained mbufs, or cipher only or hash only operations. ref 1: https://www-ssl.intel.com/content/www/us/en/intelligent-systems/intel-technology/fast-multi-buffer-ipsec-implementations-ia-processors-p ref 2: https://downloadcenter.intel.com/download/22972 Signed-off-by: Declan Doherty <declan.doherty@intel.com> Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
2015-11-25 13:25:15 +00:00
Installation
------------
doc: clarify multi-buffer crypto library version support AES-NI MB PMD uses external Multi-Buffer library, which is hosted in github, but the version was not specified in the documentation. Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> Acked-by: Deepak Kumar Jain <deepak.k.jain@intel.com>
2017-02-10 12:33:42 +00:00
To build DPDK with the AESNI_MB_PMD the user is required to download the multi-buffer
library from `here <https://github.com/01org/intel-ipsec-mb>`_
crypto/aesni_mb: update dependency in guide The Intel(R) Multi Buffer Crypto library used in the AESNI MB PMD has been moved to a new repository, in github. This patch updates the link where it can be downloaded. Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> Acked-by: John McNamara <john.mcnamara@intel.com>
2016-12-19 17:29:01 +00:00
and compile it on their user system before building DPDK.
doc: support IPsec Multi-buffer lib v1.3 Updated AESNI MB and AESNI GCM, KASUMI, ZUC, SNOW3G and CHACHA20_POLY1305 PMD documentation guides with information about the latest Intel IPsec Multi-buffer library supported. Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> Acked-by: Ciara Power <ciara.power@intel.com> Acked-by: Brian Dooley <brian.dooley@intel.com> Signed-off-by: Kai Ji <kai.ji@intel.com>
2022-11-21 16:35:17 +00:00
The latest version of the library supported by this PMD is v1.3, which
can be downloaded from `<https://github.com/01org/intel-ipsec-mb/archive/v1.3.zip>`_.
aesni_mb: add driver for multi buffer based crypto This patch provides the initial implementation of the AES-NI multi-buffer based crypto poll mode driver using DPDK's new cryptodev framework. This PMD is dependent on Intel's multibuffer library, see the whitepaper "Fast Multi-buffer IPsec Implementations on Intel® Architecture Processors", see ref 1 for details on the library's design and ref 2 to download the library itself. This initial implementation is limited to supporting the chained operations of "hash then cipher" or "cipher then hash" for the following cipher and hash algorithms: Cipher algorithms: - RTE_CRYPTO_CIPHER_AES_CBC (with 128-bit, 192-bit and 256-bit keys supported) Authentication algorithms: - RTE_CRYPTO_AUTH_SHA1_HMAC - RTE_CRYPTO_AUTH_SHA256_HMAC - RTE_CRYPTO_AUTH_SHA512_HMAC - RTE_CRYPTO_AUTH_AES_XCBC_MAC Important Note: Due to the fact that the multi-buffer library is designed for accelerating IPsec crypto operation, the digest's generated for the HMAC functions are truncated to lengths specified by IPsec RFC's, ie RFC2404 for using HMAC-SHA-1 with IPsec specifies that the digest is truncate from 20 to 12 bytes. Build instructions: To build DPDK with the AESNI_MB_PMD the user is required to download (ref 2) and compile the multi-buffer library on there system before building DPDK. The environmental variable AESNI_MULTI_BUFFER_LIB_PATH must be exported with the path where you extracted and built the multi buffer library and finally set CONFIG_RTE_LIBRTE_PMD_AESNI_MB=y in config/common_linuxapp. Current status: It's doesn't support crypto operation across chained mbufs, or cipher only or hash only operations. ref 1: https://www-ssl.intel.com/content/www/us/en/intelligent-systems/intel-technology/fast-multi-buffer-ipsec-implementations-ia-processors-p ref 2: https://downloadcenter.intel.com/download/22972 Signed-off-by: Declan Doherty <declan.doherty@intel.com> Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
2015-11-25 13:25:15 +00:00
.. code-block:: console
crypto/aesni_mb: support IPsec Multi-buffer lib v0.49 Adds support for the v0.49 of the IPsec Multi-buffer lib, which now gets compiled and installed as a shared object. Therefore, there is no need to pass the AESNI_MULTI_BUFFER_LIB_PATH Signed-off-by: Marko Kovacevic <marko.kovacevic@intel.com> Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2018-03-27 12:14:29 +00:00
make
make install
aesni_mb: add driver for multi buffer based crypto This patch provides the initial implementation of the AES-NI multi-buffer based crypto poll mode driver using DPDK's new cryptodev framework. This PMD is dependent on Intel's multibuffer library, see the whitepaper "Fast Multi-buffer IPsec Implementations on Intel® Architecture Processors", see ref 1 for details on the library's design and ref 2 to download the library itself. This initial implementation is limited to supporting the chained operations of "hash then cipher" or "cipher then hash" for the following cipher and hash algorithms: Cipher algorithms: - RTE_CRYPTO_CIPHER_AES_CBC (with 128-bit, 192-bit and 256-bit keys supported) Authentication algorithms: - RTE_CRYPTO_AUTH_SHA1_HMAC - RTE_CRYPTO_AUTH_SHA256_HMAC - RTE_CRYPTO_AUTH_SHA512_HMAC - RTE_CRYPTO_AUTH_AES_XCBC_MAC Important Note: Due to the fact that the multi-buffer library is designed for accelerating IPsec crypto operation, the digest's generated for the HMAC functions are truncated to lengths specified by IPsec RFC's, ie RFC2404 for using HMAC-SHA-1 with IPsec specifies that the digest is truncate from 20 to 12 bytes. Build instructions: To build DPDK with the AESNI_MB_PMD the user is required to download (ref 2) and compile the multi-buffer library on there system before building DPDK. The environmental variable AESNI_MULTI_BUFFER_LIB_PATH must be exported with the path where you extracted and built the multi buffer library and finally set CONFIG_RTE_LIBRTE_PMD_AESNI_MB=y in config/common_linuxapp. Current status: It's doesn't support crypto operation across chained mbufs, or cipher only or hash only operations. ref 1: https://www-ssl.intel.com/content/www/us/en/intelligent-systems/intel-technology/fast-multi-buffer-ipsec-implementations-ia-processors-p ref 2: https://downloadcenter.intel.com/download/22972 Signed-off-by: Declan Doherty <declan.doherty@intel.com> Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
2015-11-25 13:25:15 +00:00
doc: add NASM installation steps The intel-ipsec-mb library requires NASM as a dependency. Steps on how to get and install NASM are added on the documentation of the crypto PMDs which requires the library. Bugzilla ID: 417 Cc: stable@dpdk.org Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> Acked-by: Kevin Traynor <ktraynor@redhat.com>
2020-05-21 09:15:12 +00:00
The library requires NASM to be built. Depending on the library version, it might
require a minimum NASM version (e.g. v0.54 requires at least NASM 2.14).
NASM is packaged for different OS. However, on some OS the version is too old,
so a manual installation is required. In that case, NASM can be downloaded from
`NASM website <https://www.nasm.us/pub/nasm/releasebuilds/?C=M;O=D>`_.
Once it is downloaded, extract it and follow these steps:
.. code-block:: console
./configure
make
make install
doc: add build requirement in some crypto PMD guides The following crypto PMDs use the Intel Multi-buffer library: - AESNI MB PMD - AESNI GCM PMD - ZUC PMD - KASUMI PMD - SNOW3G PMD When this library is built with gcc < 5.0, it might throw some compilation issues. A workaround has been added in the repo of this library, so a note on this has been added to the documentation of these PMDs. Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> Acked-by: John McNamara <john.mcnamara@intel.com>
2020-02-17 17:12:55 +00:00
.. note::
Compilation of the Multi-Buffer library is broken when GCC < 5.0, if library <= v0.53.
If a lower GCC version than 5.0, the workaround proposed by the following link
should be used: `<https://github.com/intel/intel-ipsec-mb/issues/40>`_.
crypto/aesni_mb: support IPSec Multi-buffer lib v0.45 IPSec Multi-buffer library v0.45 has been released, which includes, among other features, support for DOCSIS BPI specification and include AVX512 optimizations. This new version added const qualifiers to some of the function prototypes, so the PMD has been updated to include these changes. Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> Acked-by: Declan Doherty <declan.doherty@intel.com>
2017-03-30 15:04:18 +00:00
As a reference, the following table shows a mapping between the past DPDK versions
and the Multi-Buffer library version supported by them:
.. _table_aesni_mb_versions:
.. table:: DPDK and Multi-Buffer library version compatibility
doc: update IPSec Multi-buffer lib versioning IPSec Multi-buffer library v0.47 has been released, which includes, among other features, support for DES-CBC and DES-DOCSIS. Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> Acked-by: John McNamara <john.mcnamara@intel.com>
2017-10-05 05:27:57 +00:00
============== ============================
DPDK version Multi-buffer library version
============== ============================
2.2 - 16.11 0.43 - 0.44
17.02 0.44
doc: update IPSec Multi-buffer lib versioning IPSec Multi-buffer library v0.48 has been released, which includes, among other features, support for AES-CCM. Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> Acked-by: Marko Kovacevic <marko.kovacevic@intel.com>
2017-12-19 09:27:55 +00:00
17.05 - 17.08 0.45 - 0.48
17.11 0.47 - 0.48
crypto/aesni_mb: support IPsec Multi-buffer lib v0.49 Adds support for the v0.49 of the IPsec Multi-buffer lib, which now gets compiled and installed as a shared object. Therefore, there is no need to pass the AESNI_MULTI_BUFFER_LIB_PATH Signed-off-by: Marko Kovacevic <marko.kovacevic@intel.com> Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2018-03-27 12:14:29 +00:00
18.02 0.48
crypto/aesni_mb: support newer library version only As stated in 19.02 deprecation notice, this patch updates the aesni_mb PMD to remove the support of older Intel-ipsec-mb library version earlier than 0.52. Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com> Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2019-03-25 13:58:35 +00:00
18.05 - 19.02 0.49 - 0.52
doc: support IPsec Multi-buffer lib v0.53 Updated AESNI MB and AESNI GCM PMD documentation guides with information about the latest Intel IPSec Multi-buffer library supported. Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2019-11-04 09:32:46 +00:00
19.05 - 19.08 0.52
crypto/ipsec_mb: move aesni_mb PMD This patch removes the crypto/aesni_mb folder and gathers all aesni-mb PMD implementation specific details into a single file, pmd_aesni_mb.c in crypto/ipsec_mb. Now that intel-ipsec-mb v1.0 is the minimum supported version, old macros can be replaced with the newer macros supported by this version. Signed-off-by: Piotr Bronowski <piotrx.bronowski@intel.com> Signed-off-by: Ciara Power <ciara.power@intel.com> Acked-by: Ray Kinsella <mdr@ashroe.eu> Acked-by: Fan Zhang <roy.fan.zhang@intel.com> Acked-by: Akhil Goyal <gakhil@marvell.com>
2021-10-15 14:39:46 +00:00
19.11 - 20.08 0.52 - 0.55
doc: support IPsec Multi-buffer lib v1.3 Updated AESNI MB and AESNI GCM, KASUMI, ZUC, SNOW3G and CHACHA20_POLY1305 PMD documentation guides with information about the latest Intel IPsec Multi-buffer library supported. Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> Acked-by: Ciara Power <ciara.power@intel.com> Acked-by: Brian Dooley <brian.dooley@intel.com> Signed-off-by: Kai Ji <kai.ji@intel.com>
2022-11-21 16:35:17 +00:00
20.11 - 21.08 0.53 - 1.3*
21.11+ 1.0 - 1.3*
doc: update IPSec Multi-buffer lib versioning IPSec Multi-buffer library v0.47 has been released, which includes, among other features, support for DES-CBC and DES-DOCSIS. Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> Acked-by: John McNamara <john.mcnamara@intel.com>
2017-10-05 05:27:57 +00:00
============== ============================
crypto/aesni_mb: support IPSec Multi-buffer lib v0.45 IPSec Multi-buffer library v0.45 has been released, which includes, among other features, support for DOCSIS BPI specification and include AVX512 optimizations. This new version added const qualifiers to some of the function prototypes, so the PMD has been updated to include these changes. Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> Acked-by: Declan Doherty <declan.doherty@intel.com>
2017-03-30 15:04:18 +00:00
doc: update dependencies for SW crypto PMDs This patch updates the dependency requirement information for aesni-gcm, aesni-mb, snow3g, zuc, and kasumi PMDs. Previously building these PMDs with Make will fail when the system is installed intel-ipsec-mb library version 1.0 or newer. Since Make build system is deprecated already, instead of fixing the issue the documentation is updated to state it. Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
2021-06-23 16:20:15 +00:00
\* Multi-buffer library 1.0 or newer only works for Meson but not Make build system.
crypto/aesni_mb: support IPSec Multi-buffer lib v0.45 IPSec Multi-buffer library v0.45 has been released, which includes, among other features, support for DOCSIS BPI specification and include AVX512 optimizations. This new version added const qualifiers to some of the function prototypes, so the PMD has been updated to include these changes. Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> Acked-by: Declan Doherty <declan.doherty@intel.com>
2017-03-30 15:04:18 +00:00
doc: add initialization section for crypto vdevs Explain how to create/initialize virtual crypto PMDs, through command line and within an application. Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2016-04-04 13:14:37 +00:00
Initialization
--------------
In order to enable this virtual crypto PMD, user must:
* Build the multi buffer library (explained in Installation section).
To use the PMD in an application, user must:
vdev: remove eal prefix The VDEV code will move to the bus drivers directory. Rename functions from rte_eal_vdev_ to rte_vdev_ to prepare the move of the driver out of EAL. The prefix rte_eal_vdrv_ is also renamed to rte_vdev_. It was used for registration of vdev drivers. Signed-off-by: Thomas Monjalon <thomas@monjalon.net> Acked-by: Stephen Hemminger <stephen@networkplumber.org>
2017-05-04 16:01:19 +00:00
* Call rte_vdev_init("crypto_aesni_mb") within the application.
doc: add initialization section for crypto vdevs Explain how to create/initialize virtual crypto PMDs, through command line and within an application. Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2016-04-04 13:14:37 +00:00
vdev: remove eal prefix The VDEV code will move to the bus drivers directory. Rename functions from rte_eal_vdev_ to rte_vdev_ to prepare the move of the driver out of EAL. The prefix rte_eal_vdrv_ is also renamed to rte_vdev_. It was used for registration of vdev drivers. Signed-off-by: Thomas Monjalon <thomas@monjalon.net> Acked-by: Stephen Hemminger <stephen@networkplumber.org>
2017-05-04 16:01:19 +00:00
* Use --vdev="crypto_aesni_mb" in the EAL options, which will call rte_vdev_init() internally.
doc: add initialization section for crypto vdevs Explain how to create/initialize virtual crypto PMDs, through command line and within an application. Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
2016-04-04 13:14:37 +00:00
The following parameters (all optional) can be provided in the previous two calls:
* socket_id: Specify the socket where the memory for the device is going to be allocated
(by default, socket_id will be the socket where the core that is creating the PMD is running on).
* max_nb_queue_pairs: Specify the maximum number of queue pairs in the device (8 by default).
* max_nb_sessions: Specify the maximum number of sessions that can be created (2048 by default).
Example:
.. code-block:: console
doc: remove references to make from cryptodevs guide Make is no longer supported for compiling DPDK, references are now removed in the documentation. Signed-off-by: Ciara Power <ciara.power@intel.com> Reviewed-by: Kevin Laatz <kevin.laatz@intel.com> Reviewed-by: Ruifeng Wang <ruifeng.wang@arm.com> Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
2020-10-21 08:17:16 +00:00
./dpdk-l2fwd-crypto -l 1 -n 4 --vdev="crypto_aesni_mb,socket_id=0,max_nb_sessions=128" \
doc: complete crypto sample command line Documentation of some virtual crypto PMDs have a sample command line to show how to initialize the device on a specific application, L2fwd-crypto. This was meant to be used as a reference, but these lines themselves do not work, as the sample application used required more parameters, which are added in this commit to have a fully functional example. Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> Acked-by: John McNamara <john.mcnamara@intel.com>
2017-07-26 00:59:59 +00:00
-- -p 1 --cdev SW --chain CIPHER_HASH --cipher_algo "aes-cbc" --auth_algo "sha1-hmac"
crypto/aesni_mb: support IPSec Multi-buffer lib v0.46 IPSec Multi-buffer library v0.46 has been released, which includes, among othe features, support for 12-byte IV, for AES-CTR, keeping also the previous 16-byte IV, for backward compatibility reasons. Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> Acked-by: Declan Doherty <declan.doherty@intel.com>
2017-07-02 02:55:05 +00:00
Extra notes
-----------
For AES Counter mode (AES-CTR), the library supports two different sizes for Initialization
Vector (IV):
doc: fix spelling reported by aspell in guides Fix spelling errors in the guide docs. Signed-off-by: John McNamara <john.mcnamara@intel.com> Acked-by: Rami Rosen <ramirose@gmail.com>
2019-04-26 15:14:21 +00:00
* 12 bytes: used mainly for IPsec, as it requires 12 bytes from the user, which internally
crypto/aesni_mb: support IPSec Multi-buffer lib v0.46 IPSec Multi-buffer library v0.46 has been released, which includes, among othe features, support for 12-byte IV, for AES-CTR, keeping also the previous 16-byte IV, for backward compatibility reasons. Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> Acked-by: Declan Doherty <declan.doherty@intel.com>
2017-07-02 02:55:05 +00:00
are appended the counter block (4 bytes), which is set to 1 for the first block
(no padding required from the user)
* 16 bytes: when passing 16 bytes, the library will take them and use the last 4 bytes
as the initial counter block for the first block.
Reference in New Issue Copy Permalink