numam-dpdk/doc/guides/cryptodevs/octeontx2.rst
Tejasree Kondoj 398b70cbbb crypto/octeontx2: support lookaside IPv4 transport mode
Adding support for IPv4 lookaside IPsec transport mode.

Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
2021-04-16 12:43:33 +02:00

195 lines
5.0 KiB
ReStructuredText

.. SPDX-License-Identifier: BSD-3-Clause
Copyright(c) 2019 Marvell International Ltd.
Marvell OCTEON TX2 Crypto Poll Mode Driver
==========================================
The OCTEON TX2 crypto poll mode driver provides support for offloading
cryptographic operations to cryptographic accelerator units on the
**OCTEON TX2** :sup:`®` family of processors (CN9XXX).
More information about OCTEON TX2 SoCs may be obtained from `<https://www.marvell.com>`_
Features
--------
The OCTEON TX2 crypto PMD has support for:
Symmetric Crypto Algorithms
~~~~~~~~~~~~~~~~~~~~~~~~~~~
Cipher algorithms:
* ``RTE_CRYPTO_CIPHER_NULL``
* ``RTE_CRYPTO_CIPHER_3DES_CBC``
* ``RTE_CRYPTO_CIPHER_3DES_ECB``
* ``RTE_CRYPTO_CIPHER_AES_CBC``
* ``RTE_CRYPTO_CIPHER_AES_CTR``
* ``RTE_CRYPTO_CIPHER_AES_XTS``
* ``RTE_CRYPTO_CIPHER_DES_CBC``
* ``RTE_CRYPTO_CIPHER_KASUMI_F8``
* ``RTE_CRYPTO_CIPHER_SNOW3G_UEA2``
* ``RTE_CRYPTO_CIPHER_ZUC_EEA3``
Hash algorithms:
* ``RTE_CRYPTO_AUTH_NULL``
* ``RTE_CRYPTO_AUTH_AES_GMAC``
* ``RTE_CRYPTO_AUTH_KASUMI_F9``
* ``RTE_CRYPTO_AUTH_MD5``
* ``RTE_CRYPTO_AUTH_MD5_HMAC``
* ``RTE_CRYPTO_AUTH_SHA1``
* ``RTE_CRYPTO_AUTH_SHA1_HMAC``
* ``RTE_CRYPTO_AUTH_SHA224``
* ``RTE_CRYPTO_AUTH_SHA224_HMAC``
* ``RTE_CRYPTO_AUTH_SHA256``
* ``RTE_CRYPTO_AUTH_SHA256_HMAC``
* ``RTE_CRYPTO_AUTH_SHA384``
* ``RTE_CRYPTO_AUTH_SHA384_HMAC``
* ``RTE_CRYPTO_AUTH_SHA512``
* ``RTE_CRYPTO_AUTH_SHA512_HMAC``
* ``RTE_CRYPTO_AUTH_SNOW3G_UIA2``
* ``RTE_CRYPTO_AUTH_ZUC_EIA3``
AEAD algorithms:
* ``RTE_CRYPTO_AEAD_AES_GCM``
* ``RTE_CRYPTO_AEAD_CHACHA20_POLY1305``
Asymmetric Crypto Algorithms
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* ``RTE_CRYPTO_ASYM_XFORM_RSA``
* ``RTE_CRYPTO_ASYM_XFORM_MODEX``
Installation
------------
The OCTEON TX2 crypto PMD may be compiled natively on an OCTEON TX2 platform or
cross-compiled on an x86 platform.
Refer to :doc:`../platform/octeontx2` for instructions to build your DPDK
application.
.. note::
The OCTEON TX2 crypto PMD uses services from the kernel mode OCTEON TX2
crypto PF driver in linux. This driver is included in the OCTEON TX SDK.
Initialization
--------------
List the CPT PF devices available on your OCTEON TX2 platform:
.. code-block:: console
lspci -d:a0fd
``a0fd`` is the CPT PF device id. You should see output similar to:
.. code-block:: console
0002:10:00.0 Class 1080: Device 177d:a0fd
Set ``sriov_numvfs`` on the CPT PF device, to create a VF:
.. code-block:: console
echo 1 > /sys/bus/pci/drivers/octeontx2-cpt/0002:10:00.0/sriov_numvfs
Bind the CPT VF device to the vfio_pci driver:
.. code-block:: console
echo '177d a0fe' > /sys/bus/pci/drivers/vfio-pci/new_id
echo 0002:10:00.1 > /sys/bus/pci/devices/0002:10:00.1/driver/unbind
echo 0002:10:00.1 > /sys/bus/pci/drivers/vfio-pci/bind
Another way to bind the VF would be to use the ``dpdk-devbind.py`` script:
.. code-block:: console
cd <dpdk directory>
./usertools/dpdk-devbind.py -u 0002:10:00.1
./usertools/dpdk-devbind.py -b vfio-pci 0002:10.00.1
.. note::
* For CN98xx SoC, it is recommended to use even and odd DBDF VFs to achieve
higher performance as even VF uses one crypto engine and odd one uses
another crypto engine.
* Ensure that sufficient huge pages are available for your application::
dpdk-hugepages.py --setup 4G --pagesize 512M
Refer to :ref:`linux_gsg_hugepages` for more details.
Debugging Options
-----------------
.. _table_octeontx2_crypto_debug_options:
.. table:: OCTEON TX2 crypto PMD debug options
+---+------------+-------------------------------------------------------+
| # | Component | EAL log command |
+===+============+=======================================================+
| 1 | CPT | --log-level='pmd\.crypto\.octeontx2,8' |
+---+------------+-------------------------------------------------------+
Testing
-------
The symmetric crypto operations on OCTEON TX2 crypto PMD may be verified by running the test
application:
.. code-block:: console
./dpdk-test
RTE>>cryptodev_octeontx2_autotest
The asymmetric crypto operations on OCTEON TX2 crypto PMD may be verified by running the test
application:
.. code-block:: console
./dpdk-test
RTE>>cryptodev_octeontx2_asym_autotest
Lookaside IPsec Support
-----------------------
The OCTEON TX2 SoC can accelerate IPsec traffic in lookaside protocol mode,
with its **cryptographic accelerator (CPT)**. ``OCTEON TX2 crypto PMD`` implements
this as an ``RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL`` offload.
Refer to :doc:`../prog_guide/rte_security` for more details on protocol offloads.
This feature can be tested with ipsec-secgw sample application.
Features supported
~~~~~~~~~~~~~~~~~~
* IPv4
* IPv6
* ESP
* Tunnel mode
* Transport mode(IPv4)
* ESN
* Anti-replay
* UDP Encapsulation
* AES-128/192/256-GCM
* AES-128/192/256-CBC-SHA1-HMAC
* AES-128/192/256-CBC-SHA256-128-HMAC
Limitations
-----------
Multiple lcores may not operate on the same crypto queue pair. The lcore that
enqueues to a queue pair is the one that must dequeue from it.