1.. SPDX-License-Identifier: BSD-3-Clause 2 Copyright(c) 2016-2019 Intel Corporation. 3 4KASUMI Crypto Poll Mode Driver 5=============================== 6 7The KASUMI PMD (**librte_crypto_kasumi**) provides poll mode crypto driver support for 8utilizing `Intel IPSec Multi-buffer library <https://github.com/01org/intel-ipsec-mb>`_ 9which implements F8 and F9 functions for KASUMI UEA1 cipher and UIA1 hash algorithms. 10 11Features 12-------- 13 14KASUMI PMD has support for: 15 16Cipher algorithm: 17 18* RTE_CRYPTO_CIPHER_KASUMI_F8 19 20Authentication algorithm: 21 22* RTE_CRYPTO_AUTH_KASUMI_F9 23 24Limitations 25----------- 26 27* Chained mbufs are not supported. 28* KASUMI(F9) supported only if hash offset and length field is byte-aligned. 29* In-place bit-level operations for KASUMI(F8) are not supported 30 (if length and/or offset of data to be ciphered is not byte-aligned). 31 32 33KASUMI PMD vs AESNI MB PMD 34-------------------------- 35 36AESNI MB PMD also supports KASUMI cipher and authentication algorithms. 37It is recommended to use the AESNI MB PMD, 38which offers better performance on Intel processors. 39Take a look at the PMD documentation (:doc:`aesni_mb`) for more information. 40 41Installation 42------------ 43 44To build DPDK with the KASUMI_PMD the user is required to download the multi-buffer 45library from `here <https://github.com/01org/intel-ipsec-mb>`_ 46and compile it on their user system before building DPDK. 47The latest version of the library supported by this PMD is v1.5, which 48can be downloaded from `<https://github.com/01org/intel-ipsec-mb/archive/v1.5.zip>`_. 49 50After downloading the library, the user needs to unpack and compile it 51on their system before building DPDK: 52 53.. code-block:: console 54 55 make 56 make install 57 58The library requires NASM to be built. Depending on the library version, it might 59require a minimum NASM version (e.g. v0.54 requires at least NASM 2.14). 60 61NASM is packaged for different OS. However, on some OS the version is too old, 62so a manual installation is required. In that case, NASM can be downloaded from 63`NASM website <https://www.nasm.us/pub/nasm/releasebuilds/?C=M;O=D>`_. 64Once it is downloaded, extract it and follow these steps: 65 66.. code-block:: console 67 68 ./configure 69 make 70 make install 71 72As a reference, the following table shows a mapping between the past DPDK versions 73and the external crypto libraries supported by them: 74 75.. _table_kasumi_versions: 76 77.. table:: DPDK and external crypto library version compatibility 78 79 ============= ================================ 80 DPDK version Crypto library version 81 ============= ================================ 82 20.02 - 21.08 Multi-buffer library 0.53 - 1.3 83 21.11 - 24.07 Multi-buffer library 1.0 - 1.5 84 24.11+ Multi-buffer library 1.4 - 1.5 85 ============= ================================ 86 87Initialization 88-------------- 89 90In order to enable this virtual crypto PMD, user must: 91 92* Build the multi buffer library (explained in Installation section). 93 94To use the PMD in an application, user must: 95 96* Call rte_vdev_init("crypto_kasumi") within the application. 97 98* Use --vdev="crypto_kasumi" in the EAL options, which will call rte_vdev_init() internally. 99 100The following parameters (all optional) can be provided in the previous two calls: 101 102* socket_id: Specify the socket where the memory for the device is going to be allocated 103 (by default, socket_id will be the socket where the core that is creating the PMD is running on). 104 105* max_nb_queue_pairs: Specify the maximum number of queue pairs in the device (8 by default). 106 107* max_nb_sessions: Specify the maximum number of sessions that can be created (2048 by default). 108 109Example: 110 111.. code-block:: console 112 113 ./dpdk-l2fwd-crypto -l 1 -n 4 --vdev="crypto_kasumi,socket_id=0,max_nb_sessions=128" \ 114 -- -p 1 --cdev SW --chain CIPHER_ONLY --cipher_algo "kasumi-f8" 115 116Extra notes on KASUMI F9 117------------------------ 118 119When using KASUMI F9 authentication algorithm, the input buffer must be 120constructed according to the 3GPP KASUMI specifications (section 4.4, page 13): 121`<http://cryptome.org/3gpp/35201-900.pdf>`_. 122Input buffer has to have COUNT (4 bytes), FRESH (4 bytes), MESSAGE and DIRECTION (1 bit) 123concatenated. After the DIRECTION bit, a single '1' bit is appended, followed by 124between 0 and 7 '0' bits, so that the total length of the buffer is multiple of 8 bits. 125Note that the actual message can be any length, specified in bits. 126 127Once this buffer is passed this way, when creating the crypto operation, 128length of data to authenticate (op.sym.auth.data.length) must be the length 129of all the items described above, including the padding at the end. 130Also, offset of data to authenticate (op.sym.auth.data.offset) 131must be such that points at the start of the COUNT bytes. 132