1.. SPDX-License-Identifier: BSD-3-Clause 2 Copyright(c) 2015-2018 Intel Corporation. 3 4AESN-NI Multi Buffer Crypto Poll Mode Driver 5============================================ 6 7 8The AESNI MB PMD (**librte_pmd_aesni_mb**) provides poll mode crypto driver 9support for utilizing Intel multi buffer library, see the white paper 10`Fast Multi-buffer IPsec Implementations on Intel® Architecture Processors 11<https://www.intel.com/content/dam/www/public/us/en/documents/white-papers/fast-multi-buffer-ipsec-implementations-ia-processors-paper.pdf>`_. 12 13The AES-NI MB PMD has current only been tested on Fedora 21 64-bit with gcc. 14 15Features 16-------- 17 18AESNI MB PMD has support for: 19 20Cipher algorithms: 21 22* RTE_CRYPTO_CIPHER_AES128_CBC 23* RTE_CRYPTO_CIPHER_AES192_CBC 24* RTE_CRYPTO_CIPHER_AES256_CBC 25* RTE_CRYPTO_CIPHER_AES128_CTR 26* RTE_CRYPTO_CIPHER_AES192_CTR 27* RTE_CRYPTO_CIPHER_AES256_CTR 28* RTE_CRYPTO_CIPHER_AES_DOCSISBPI 29* RTE_CRYPTO_CIPHER_DES_CBC 30* RTE_CRYPTO_CIPHER_3DES_CBC 31* RTE_CRYPTO_CIPHER_DES_DOCSISBPI 32 33Hash algorithms: 34 35* RTE_CRYPTO_HASH_MD5_HMAC 36* RTE_CRYPTO_HASH_SHA1_HMAC 37* RTE_CRYPTO_HASH_SHA224_HMAC 38* RTE_CRYPTO_HASH_SHA256_HMAC 39* RTE_CRYPTO_HASH_SHA384_HMAC 40* RTE_CRYPTO_HASH_SHA512_HMAC 41* RTE_CRYPTO_HASH_AES_XCBC_HMAC 42* RTE_CRYPTO_HASH_AES_CMAC 43* RTE_CRYPTO_HASH_AES_GMAC 44* RTE_CRYPTO_HASH_SHA1 45* RTE_CRYPTO_HASH_SHA224 46* RTE_CRYPTO_HASH_SHA256 47* RTE_CRYPTO_HASH_SHA384 48* RTE_CRYPTO_HASH_SHA512 49 50AEAD algorithms: 51 52* RTE_CRYPTO_AEAD_AES_CCM 53* RTE_CRYPTO_AEAD_AES_GCM 54 55Limitations 56----------- 57 58* Chained mbufs are not supported. 59 60 61Installation 62------------ 63 64To build DPDK with the AESNI_MB_PMD the user is required to download the multi-buffer 65library from `here <https://github.com/01org/intel-ipsec-mb>`_ 66and compile it on their user system before building DPDK. 67The latest version of the library supported by this PMD is v0.53, which 68can be downloaded from `<https://github.com/01org/intel-ipsec-mb/archive/v0.53.zip>`_. 69 70.. code-block:: console 71 72 make 73 make install 74 75As a reference, the following table shows a mapping between the past DPDK versions 76and the Multi-Buffer library version supported by them: 77 78.. _table_aesni_mb_versions: 79 80.. table:: DPDK and Multi-Buffer library version compatibility 81 82 ============== ============================ 83 DPDK version Multi-buffer library version 84 ============== ============================ 85 2.2 - 16.11 0.43 - 0.44 86 17.02 0.44 87 17.05 - 17.08 0.45 - 0.48 88 17.11 0.47 - 0.48 89 18.02 0.48 90 18.05 - 19.02 0.49 - 0.52 91 19.05 - 19.08 0.52 92 19.11+ 0.52 - 0.53 93 ============== ============================ 94 95 96Initialization 97-------------- 98 99In order to enable this virtual crypto PMD, user must: 100 101* Build the multi buffer library (explained in Installation section). 102 103* Set CONFIG_RTE_LIBRTE_PMD_AESNI_MB=y in config/common_base. 104 105To use the PMD in an application, user must: 106 107* Call rte_vdev_init("crypto_aesni_mb") within the application. 108 109* Use --vdev="crypto_aesni_mb" in the EAL options, which will call rte_vdev_init() internally. 110 111The following parameters (all optional) can be provided in the previous two calls: 112 113* socket_id: Specify the socket where the memory for the device is going to be allocated 114 (by default, socket_id will be the socket where the core that is creating the PMD is running on). 115 116* max_nb_queue_pairs: Specify the maximum number of queue pairs in the device (8 by default). 117 118* max_nb_sessions: Specify the maximum number of sessions that can be created (2048 by default). 119 120Example: 121 122.. code-block:: console 123 124 ./l2fwd-crypto -l 1 -n 4 --vdev="crypto_aesni_mb,socket_id=0,max_nb_sessions=128" \ 125 -- -p 1 --cdev SW --chain CIPHER_HASH --cipher_algo "aes-cbc" --auth_algo "sha1-hmac" 126 127Extra notes 128----------- 129 130For AES Counter mode (AES-CTR), the library supports two different sizes for Initialization 131Vector (IV): 132 133* 12 bytes: used mainly for IPsec, as it requires 12 bytes from the user, which internally 134 are appended the counter block (4 bytes), which is set to 1 for the first block 135 (no padding required from the user) 136 137* 16 bytes: when passing 16 bytes, the library will take them and use the last 4 bytes 138 as the initial counter block for the first block. 139