15630257fSFerruh Yigit.. SPDX-License-Identifier: BSD-3-Clause 2bf6eb2c2SPablo de Lara Copyright(c) 2016-2019 Intel Corporation. 32773c86dSPablo de Lara 42773c86dSPablo de LaraKASUMI Crypto Poll Mode Driver 52773c86dSPablo de Lara=============================== 62773c86dSPablo de Lara 78809f78cSBruce RichardsonThe KASUMI PMD (**librte_crypto_kasumi**) provides poll mode crypto driver support for 8bf6eb2c2SPablo de Larautilizing `Intel IPSec Multi-buffer library <https://github.com/01org/intel-ipsec-mb>`_ 9bf6eb2c2SPablo de Larawhich implements F8 and F9 functions for KASUMI UEA1 cipher and UIA1 hash algorithms. 102773c86dSPablo de Lara 112773c86dSPablo de LaraFeatures 122773c86dSPablo de Lara-------- 132773c86dSPablo de Lara 142773c86dSPablo de LaraKASUMI PMD has support for: 152773c86dSPablo de Lara 162773c86dSPablo de LaraCipher algorithm: 172773c86dSPablo de Lara 18fddf3804SDeepak Kumar Jain* RTE_CRYPTO_CIPHER_KASUMI_F8 192773c86dSPablo de Lara 202773c86dSPablo de LaraAuthentication algorithm: 212773c86dSPablo de Lara 22fddf3804SDeepak Kumar Jain* RTE_CRYPTO_AUTH_KASUMI_F9 232773c86dSPablo de Lara 242773c86dSPablo de LaraLimitations 252773c86dSPablo de Lara----------- 262773c86dSPablo de Lara 272773c86dSPablo de Lara* Chained mbufs are not supported. 289333cfbaSPablo de Lara* KASUMI(F9) supported only if hash offset and length field is byte-aligned. 29ebee5594SPablo de Lara* In-place bit-level operations for KASUMI(F8) are not supported 30ebee5594SPablo de Lara (if length and/or offset of data to be ciphered is not byte-aligned). 31ebee5594SPablo de Lara 322773c86dSPablo de Lara 33f272ea5bSPablo de LaraKASUMI PMD vs AESNI MB PMD 34f272ea5bSPablo de Lara-------------------------- 35f272ea5bSPablo de Lara 36f272ea5bSPablo de LaraAESNI MB PMD also supports KASUMI cipher and authentication algorithms. 37f272ea5bSPablo de LaraIt is recommended to use the AESNI MB PMD, 38f272ea5bSPablo de Larawhich offers better performance on Intel processors. 39f272ea5bSPablo de LaraTake a look at the PMD documentation (:doc:`aesni_mb`) for more information. 40f272ea5bSPablo de Lara 412773c86dSPablo de LaraInstallation 422773c86dSPablo de Lara------------ 432773c86dSPablo de Lara 44bf6eb2c2SPablo de LaraTo build DPDK with the KASUMI_PMD the user is required to download the multi-buffer 45bf6eb2c2SPablo de Laralibrary from `here <https://github.com/01org/intel-ipsec-mb>`_ 46bf6eb2c2SPablo de Laraand compile it on their user system before building DPDK. 47ad3f114fSSivaramakrishnan VenkatThe latest version of the library supported by this PMD is v1.5, which 48ad3f114fSSivaramakrishnan Venkatcan be downloaded from `<https://github.com/01org/intel-ipsec-mb/archive/v1.5.zip>`_. 49bf6eb2c2SPablo de Lara 502773c86dSPablo de LaraAfter downloading the library, the user needs to unpack and compile it 51bf6eb2c2SPablo de Laraon their system before building DPDK: 52bf6eb2c2SPablo de Lara 53bf6eb2c2SPablo de Lara.. code-block:: console 542773c86dSPablo de Lara 55ae688ed8SPablo de Lara make 56bf6eb2c2SPablo de Lara make install 57ae688ed8SPablo de Lara 58dede694cSPablo de LaraThe library requires NASM to be built. Depending on the library version, it might 59dede694cSPablo de Lararequire a minimum NASM version (e.g. v0.54 requires at least NASM 2.14). 60dede694cSPablo de Lara 61dede694cSPablo de LaraNASM is packaged for different OS. However, on some OS the version is too old, 62dede694cSPablo de Laraso a manual installation is required. In that case, NASM can be downloaded from 63dede694cSPablo de Lara`NASM website <https://www.nasm.us/pub/nasm/releasebuilds/?C=M;O=D>`_. 64dede694cSPablo de LaraOnce it is downloaded, extract it and follow these steps: 65dede694cSPablo de Lara 66dede694cSPablo de Lara.. code-block:: console 67dede694cSPablo de Lara 68dede694cSPablo de Lara ./configure 69dede694cSPablo de Lara make 70dede694cSPablo de Lara make install 71dede694cSPablo de Lara 72bf6eb2c2SPablo de LaraAs a reference, the following table shows a mapping between the past DPDK versions 73bf6eb2c2SPablo de Laraand the external crypto libraries supported by them: 744792d3eaSPablo de Lara 75bf6eb2c2SPablo de Lara.. _table_kasumi_versions: 764792d3eaSPablo de Lara 77bf6eb2c2SPablo de Lara.. table:: DPDK and external crypto library version compatibility 78ae688ed8SPablo de Lara 79bf6eb2c2SPablo de Lara ============= ================================ 80bf6eb2c2SPablo de Lara DPDK version Crypto library version 81bf6eb2c2SPablo de Lara ============= ================================ 8250369b2eSBrian Dooley 20.02 - 21.08 Multi-buffer library 0.53 - 1.3 83*8484d74bSBrian Dooley 21.11 - 24.07 Multi-buffer library 1.0 - 1.5 84*8484d74bSBrian Dooley 24.11+ Multi-buffer library 1.4 - 1.5 85bf6eb2c2SPablo de Lara ============= ================================ 86ae688ed8SPablo de Lara 872773c86dSPablo de LaraInitialization 882773c86dSPablo de Lara-------------- 892773c86dSPablo de Lara 902773c86dSPablo de LaraIn order to enable this virtual crypto PMD, user must: 912773c86dSPablo de Lara 92bf6eb2c2SPablo de Lara* Build the multi buffer library (explained in Installation section). 932773c86dSPablo de Lara 942773c86dSPablo de LaraTo use the PMD in an application, user must: 952773c86dSPablo de Lara 962f6fec53SThomas Monjalon* Call rte_vdev_init("crypto_kasumi") within the application. 972773c86dSPablo de Lara 982f6fec53SThomas Monjalon* Use --vdev="crypto_kasumi" in the EAL options, which will call rte_vdev_init() internally. 992773c86dSPablo de Lara 1002773c86dSPablo de LaraThe following parameters (all optional) can be provided in the previous two calls: 1012773c86dSPablo de Lara 1022773c86dSPablo de Lara* socket_id: Specify the socket where the memory for the device is going to be allocated 1032773c86dSPablo de Lara (by default, socket_id will be the socket where the core that is creating the PMD is running on). 1042773c86dSPablo de Lara 1052773c86dSPablo de Lara* max_nb_queue_pairs: Specify the maximum number of queue pairs in the device (8 by default). 1062773c86dSPablo de Lara 1072773c86dSPablo de Lara* max_nb_sessions: Specify the maximum number of sessions that can be created (2048 by default). 1082773c86dSPablo de Lara 1092773c86dSPablo de LaraExample: 1102773c86dSPablo de Lara 1112773c86dSPablo de Lara.. code-block:: console 1122773c86dSPablo de Lara 113fd5f9fb9SCiara Power ./dpdk-l2fwd-crypto -l 1 -n 4 --vdev="crypto_kasumi,socket_id=0,max_nb_sessions=128" \ 114fda78c51SPablo de Lara -- -p 1 --cdev SW --chain CIPHER_ONLY --cipher_algo "kasumi-f8" 1159333cfbaSPablo de Lara 1169333cfbaSPablo de LaraExtra notes on KASUMI F9 1179333cfbaSPablo de Lara------------------------ 1189333cfbaSPablo de Lara 1199333cfbaSPablo de LaraWhen using KASUMI F9 authentication algorithm, the input buffer must be 1209333cfbaSPablo de Laraconstructed according to the 3GPP KASUMI specifications (section 4.4, page 13): 1219333cfbaSPablo de Lara`<http://cryptome.org/3gpp/35201-900.pdf>`_. 1229333cfbaSPablo de LaraInput buffer has to have COUNT (4 bytes), FRESH (4 bytes), MESSAGE and DIRECTION (1 bit) 1239333cfbaSPablo de Laraconcatenated. After the DIRECTION bit, a single '1' bit is appended, followed by 1249333cfbaSPablo de Larabetween 0 and 7 '0' bits, so that the total length of the buffer is multiple of 8 bits. 1259333cfbaSPablo de LaraNote that the actual message can be any length, specified in bits. 1269333cfbaSPablo de Lara 1279333cfbaSPablo de LaraOnce this buffer is passed this way, when creating the crypto operation, 1289333cfbaSPablo de Laralength of data to authenticate (op.sym.auth.data.length) must be the length 1299333cfbaSPablo de Laraof all the items described above, including the padding at the end. 1309333cfbaSPablo de LaraAlso, offset of data to authenticate (op.sym.auth.data.offset) 1319333cfbaSPablo de Laramust be such that points at the start of the COUNT bytes. 132