15630257fSFerruh Yigit.. SPDX-License-Identifier: BSD-3-Clause 22977a136SFan Zhang Copyright(c) 2015-2018 Intel Corporation. 3924e84f8SDeclan Doherty 4f272ea5bSPablo de LaraAES-NI Multi Buffer Crypto Poll Mode Driver 5f272ea5bSPablo de Lara=========================================== 6924e84f8SDeclan Doherty 7924e84f8SDeclan Doherty 88809f78cSBruce RichardsonThe AESNI MB PMD (**librte_crypto_aesni_mb**) provides poll mode crypto driver 92fe68f32SJohn McNamarasupport for utilizing Intel multi buffer library, see the white paper 10924e84f8SDeclan Doherty`Fast Multi-buffer IPsec Implementations on Intel® Architecture Processors 11d429cc0bSPablo de Lara<https://www.intel.com/content/dam/www/public/us/en/documents/white-papers/fast-multi-buffer-ipsec-implementations-ia-processors-paper.pdf>`_. 12924e84f8SDeclan Doherty 13a2c6d3f3SKonstantin AnanyevThe AES-NI MB PMD supports synchronous mode of operation with 14a2c6d3f3SKonstantin Ananyev``rte_cryptodev_sym_cpu_crypto_process`` function call. 15a2c6d3f3SKonstantin Ananyev 16924e84f8SDeclan DohertyFeatures 17924e84f8SDeclan Doherty-------- 18924e84f8SDeclan Doherty 19924e84f8SDeclan DohertyAESNI MB PMD has support for: 20924e84f8SDeclan Doherty 21924e84f8SDeclan DohertyCipher algorithms: 22924e84f8SDeclan Doherty 23fddf3804SDeepak Kumar Jain* RTE_CRYPTO_CIPHER_AES128_CBC 24fddf3804SDeepak Kumar Jain* RTE_CRYPTO_CIPHER_AES192_CBC 25fddf3804SDeepak Kumar Jain* RTE_CRYPTO_CIPHER_AES256_CBC 26fddf3804SDeepak Kumar Jain* RTE_CRYPTO_CIPHER_AES128_CTR 27fddf3804SDeepak Kumar Jain* RTE_CRYPTO_CIPHER_AES192_CTR 28fddf3804SDeepak Kumar Jain* RTE_CRYPTO_CIPHER_AES256_CTR 29c1296f67SPablo de Lara* RTE_CRYPTO_CIPHER_AES_DOCSISBPI 30ade02f0fSPablo de Lara* RTE_CRYPTO_CIPHER_DES_CBC 3106c761d6SMarko Kovacevic* RTE_CRYPTO_CIPHER_3DES_CBC 32ade02f0fSPablo de Lara* RTE_CRYPTO_CIPHER_DES_DOCSISBPI 33c94c520bSMarcel Cornu* RTE_CRYPTO_CIPHER_AES128_ECB 34c94c520bSMarcel Cornu* RTE_CRYPTO_CIPHER_AES192_ECB 35c94c520bSMarcel Cornu* RTE_CRYPTO_CIPHER_AES256_ECB 36fd8df854SPablo de Lara* RTE_CRYPTO_CIPHER_ZUC_EEA3 376c42e0cfSPablo de Lara* RTE_CRYPTO_CIPHER_SNOW3G_UEA2 38ae8e085cSPablo de Lara* RTE_CRYPTO_CIPHER_KASUMI_F8 390c2f1b05SBrian Dooley* RTE_CRYPTO_CIPHER_SM4_CBC 400c2f1b05SBrian Dooley* RTE_CRYPTO_CIPHER_SM4_ECB 410c2f1b05SBrian Dooley* RTE_CRYPTO_CIPHER_SM4_CTR 42924e84f8SDeclan Doherty 43924e84f8SDeclan DohertyHash algorithms: 44924e84f8SDeclan Doherty 45fd8df854SPablo de Lara* RTE_CRYPTO_AUTH_MD5_HMAC 46fd8df854SPablo de Lara* RTE_CRYPTO_AUTH_SHA1_HMAC 47fd8df854SPablo de Lara* RTE_CRYPTO_AUTH_SHA224_HMAC 48fd8df854SPablo de Lara* RTE_CRYPTO_AUTH_SHA256_HMAC 49fd8df854SPablo de Lara* RTE_CRYPTO_AUTH_SHA384_HMAC 50fd8df854SPablo de Lara* RTE_CRYPTO_AUTH_SHA512_HMAC 51fd8df854SPablo de Lara* RTE_CRYPTO_AUTH_AES_XCBC_HMAC 52fd8df854SPablo de Lara* RTE_CRYPTO_AUTH_AES_CMAC 53fd8df854SPablo de Lara* RTE_CRYPTO_AUTH_AES_GMAC 54fd8df854SPablo de Lara* RTE_CRYPTO_AUTH_SHA1 55fd8df854SPablo de Lara* RTE_CRYPTO_AUTH_SHA224 56fd8df854SPablo de Lara* RTE_CRYPTO_AUTH_SHA256 57fd8df854SPablo de Lara* RTE_CRYPTO_AUTH_SHA384 58fd8df854SPablo de Lara* RTE_CRYPTO_AUTH_SHA512 59fd8df854SPablo de Lara* RTE_CRYPTO_AUTH_ZUC_EIA3 606c42e0cfSPablo de Lara* RTE_CRYPTO_AUTH_SNOW3G_UIA2 61ae8e085cSPablo de Lara* RTE_CRYPTO_AUTH_KASUMI_F9 629a1d4797SBrian Dooley* RTE_CRYPTO_AUTH_SM3 63add05a01SBrian Dooley* RTE_CRYPTO_AUTH_SM3 HMAC 64924e84f8SDeclan Doherty 65945acb4aSFan ZhangAEAD algorithms: 66945acb4aSFan Zhang 67945acb4aSFan Zhang* RTE_CRYPTO_AEAD_AES_CCM 680e9f8507SFan Zhang* RTE_CRYPTO_AEAD_AES_GCM 69010230a1SPablo de Lara* RTE_CRYPTO_AEAD_CHACHA20_POLY1305 70945acb4aSFan Zhang 71fda5216fSDavid CoyleProtocol offloads: 72fda5216fSDavid Coyle 73fda5216fSDavid Coyle* RTE_SECURITY_PROTOCOL_DOCSIS 74fda5216fSDavid Coyle 75924e84f8SDeclan DohertyLimitations 76924e84f8SDeclan Doherty----------- 77924e84f8SDeclan Doherty 78fda5216fSDavid Coyle* Out-of-place is not supported for combined Crypto-CRC DOCSIS security 79fda5216fSDavid Coyle protocol. 80fda5216fSDavid Coyle* RTE_CRYPTO_CIPHER_DES_DOCSISBPI is not supported for combined Crypto-CRC 81fda5216fSDavid Coyle DOCSIS security protocol. 828082845fSPablo de Lara 83f272ea5bSPablo de LaraAESNI MB PMD selection over SNOW3G/ZUC/KASUMI PMDs 84f272ea5bSPablo de Lara-------------------------------------------------- 85f272ea5bSPablo de Lara 86f272ea5bSPablo de LaraThis PMD supports wireless cipher suite (SNOW3G, ZUC and KASUMI). 87f272ea5bSPablo de LaraOn Intel processors, it is recommended to use this PMD 88f272ea5bSPablo de Larainstead of SNOW3G, ZUC and KASUMI PMDs, as it enables algorithm mixing 89f272ea5bSPablo de Lara(e.g. cipher algorithm SNOW3G-UEA2 with authentication algorithm AES-CMAC-128) 90f272ea5bSPablo de Laraand performance over IMIX (packet size mix) traffic is significantly higher. 91f272ea5bSPablo de Lara 92f272ea5bSPablo de LaraAESNI MB PMD selection over CHACHA20-POLY1305 PMD 93f272ea5bSPablo de Lara------------------------------------------------- 94f272ea5bSPablo de Lara 95f272ea5bSPablo de LaraThis PMD supports Chacha20-Poly1305 algorithm. 96f272ea5bSPablo de LaraOn Intel processors, it is recommended to use this PMD instead of CHACHA20-POLY1305 PMD, 97f272ea5bSPablo de Laraas it delivers better performance on single segment buffers. 98f272ea5bSPablo de LaraFor multi-segment buffers, it is still recommended to use CHACHA20-POLY1305 PMD, 99f272ea5bSPablo de Larauntil the new SGL API is introduced in the AESNI MB PMD. 100924e84f8SDeclan Doherty 101924e84f8SDeclan DohertyInstallation 102924e84f8SDeclan Doherty------------ 103924e84f8SDeclan Doherty 1046b72aad6SPablo de LaraTo build DPDK with the AESNI_MB_PMD the user is required to download the multi-buffer 1056b72aad6SPablo de Laralibrary from `here <https://github.com/01org/intel-ipsec-mb>`_ 10621c0a80eSPablo de Laraand compile it on their user system before building DPDK. 107ad3f114fSSivaramakrishnan VenkatThe latest version of the library supported by this PMD is v1.5, which 108ad3f114fSSivaramakrishnan Venkatcan be downloaded from `<https://github.com/01org/intel-ipsec-mb/archive/v1.5.zip>`_. 109924e84f8SDeclan Doherty 110924e84f8SDeclan Doherty.. code-block:: console 111924e84f8SDeclan Doherty 11221c0a80eSPablo de Lara make 1132a1e2da1SMarko Kovacevic make install 114924e84f8SDeclan Doherty 115dede694cSPablo de LaraThe library requires NASM to be built. Depending on the library version, it might 116dede694cSPablo de Lararequire a minimum NASM version (e.g. v0.54 requires at least NASM 2.14). 117dede694cSPablo de Lara 118dede694cSPablo de LaraNASM is packaged for different OS. However, on some OS the version is too old, 119dede694cSPablo de Laraso a manual installation is required. In that case, NASM can be downloaded from 120dede694cSPablo de Lara`NASM website <https://www.nasm.us/pub/nasm/releasebuilds/?C=M;O=D>`_. 121dede694cSPablo de LaraOnce it is downloaded, extract it and follow these steps: 122dede694cSPablo de Lara 123dede694cSPablo de Lara.. code-block:: console 124dede694cSPablo de Lara 125dede694cSPablo de Lara ./configure 126dede694cSPablo de Lara make 127dede694cSPablo de Lara make install 128dede694cSPablo de Lara 1291cdeb1c5SPablo de LaraAs a reference, the following table shows a mapping between the past DPDK versions 1301cdeb1c5SPablo de Laraand the Multi-Buffer library version supported by them: 1311cdeb1c5SPablo de Lara 1321cdeb1c5SPablo de Lara.. _table_aesni_mb_versions: 1331cdeb1c5SPablo de Lara 1341cdeb1c5SPablo de Lara.. table:: DPDK and Multi-Buffer library version compatibility 1351cdeb1c5SPablo de Lara 1365d87df73SPablo de Lara ============== ============================ 1371cdeb1c5SPablo de Lara DPDK version Multi-buffer library version 1385d87df73SPablo de Lara ============== ============================ 13950369b2eSBrian Dooley 20.11 - 21.08 0.53 - 1.3 140*8484d74bSBrian Dooley 21.11 - 24.07 1.0 - 1.5 141*8484d74bSBrian Dooley 24.11+ 1.4 - 1.5 1425d87df73SPablo de Lara ============== ============================ 1431cdeb1c5SPablo de Lara 144b7d65109SPablo de LaraInitialization 145b7d65109SPablo de Lara-------------- 146b7d65109SPablo de Lara 147b7d65109SPablo de LaraIn order to enable this virtual crypto PMD, user must: 148b7d65109SPablo de Lara 149b7d65109SPablo de Lara* Build the multi buffer library (explained in Installation section). 150b7d65109SPablo de Lara 151b7d65109SPablo de LaraTo use the PMD in an application, user must: 152b7d65109SPablo de Lara 1532f6fec53SThomas Monjalon* Call rte_vdev_init("crypto_aesni_mb") within the application. 154b7d65109SPablo de Lara 1552f6fec53SThomas Monjalon* Use --vdev="crypto_aesni_mb" in the EAL options, which will call rte_vdev_init() internally. 156b7d65109SPablo de Lara 157b7d65109SPablo de LaraThe following parameters (all optional) can be provided in the previous two calls: 158b7d65109SPablo de Lara 159b7d65109SPablo de Lara* socket_id: Specify the socket where the memory for the device is going to be allocated 160b7d65109SPablo de Lara (by default, socket_id will be the socket where the core that is creating the PMD is running on). 161b7d65109SPablo de Lara 162b7d65109SPablo de Lara* max_nb_queue_pairs: Specify the maximum number of queue pairs in the device (8 by default). 163b7d65109SPablo de Lara 164b7d65109SPablo de Lara* max_nb_sessions: Specify the maximum number of sessions that can be created (2048 by default). 165b7d65109SPablo de Lara 166b7d65109SPablo de LaraExample: 167b7d65109SPablo de Lara 168b7d65109SPablo de Lara.. code-block:: console 169b7d65109SPablo de Lara 170fd5f9fb9SCiara Power ./dpdk-l2fwd-crypto -l 1 -n 4 --vdev="crypto_aesni_mb,socket_id=0,max_nb_sessions=128" \ 171fda78c51SPablo de Lara -- -p 1 --cdev SW --chain CIPHER_HASH --cipher_algo "aes-cbc" --auth_algo "sha1-hmac" 1723728e9baSPablo de Lara 1733728e9baSPablo de LaraExtra notes 1743728e9baSPablo de Lara----------- 1753728e9baSPablo de Lara 1763728e9baSPablo de LaraFor AES Counter mode (AES-CTR), the library supports two different sizes for Initialization 1773728e9baSPablo de LaraVector (IV): 1783728e9baSPablo de Lara 179d629b7b5SJohn McNamara* 12 bytes: used mainly for IPsec, as it requires 12 bytes from the user, which internally 1803728e9baSPablo de Lara are appended the counter block (4 bytes), which is set to 1 for the first block 1813728e9baSPablo de Lara (no padding required from the user) 1823728e9baSPablo de Lara 1833728e9baSPablo de Lara* 16 bytes: when passing 16 bytes, the library will take them and use the last 4 bytes 1843728e9baSPablo de Lara as the initial counter block for the first block. 185