1.. SPDX-License-Identifier: BSD-3-Clause 2 Copyright(c) 2016-2019 Intel Corporation. 3 4KASUMI Crypto Poll Mode Driver 5=============================== 6 7The KASUMI PMD (**librte_pmd_kasumi**) provides poll mode crypto driver support for 8utilizing `Intel IPSec Multi-buffer library <https://github.com/01org/intel-ipsec-mb>`_ 9which implements F8 and F9 functions for KASUMI UEA1 cipher and UIA1 hash algorithms. 10 11Features 12-------- 13 14KASUMI PMD has support for: 15 16Cipher algorithm: 17 18* RTE_CRYPTO_CIPHER_KASUMI_F8 19 20Authentication algorithm: 21 22* RTE_CRYPTO_AUTH_KASUMI_F9 23 24Limitations 25----------- 26 27* Chained mbufs are not supported. 28* KASUMI(F9) supported only if hash offset and length field is byte-aligned. 29* In-place bit-level operations for KASUMI(F8) are not supported 30 (if length and/or offset of data to be ciphered is not byte-aligned). 31 32 33Installation 34------------ 35 36To build DPDK with the KASUMI_PMD the user is required to download the multi-buffer 37library from `here <https://github.com/01org/intel-ipsec-mb>`_ 38and compile it on their user system before building DPDK. 39The latest version of the library supported by this PMD is v0.54, which 40can be downloaded from `<https://github.com/01org/intel-ipsec-mb/archive/v0.54.zip>`_. 41 42After downloading the library, the user needs to unpack and compile it 43on their system before building DPDK: 44 45.. code-block:: console 46 47 make 48 make install 49 50.. note:: 51 52 Compilation of the Multi-Buffer library is broken when GCC < 5.0, if library <= v0.53. 53 If a lower GCC version than 5.0, the workaround proposed by the following link 54 should be used: `<https://github.com/intel/intel-ipsec-mb/issues/40>`_. 55 56As a reference, the following table shows a mapping between the past DPDK versions 57and the external crypto libraries supported by them: 58 59.. _table_kasumi_versions: 60 61.. table:: DPDK and external crypto library version compatibility 62 63 ============= ================================ 64 DPDK version Crypto library version 65 ============= ================================ 66 16.11 - 19.11 LibSSO KASUMI 67 20.02+ Multi-buffer library 0.53 - 0.54 68 ============= ================================ 69 70 71Initialization 72-------------- 73 74In order to enable this virtual crypto PMD, user must: 75 76* Build the multi buffer library (explained in Installation section). 77 78* Build DPDK as follows: 79 80.. code-block:: console 81 82 make config T=x86_64-native-linux-gcc 83 sed -i 's,\(CONFIG_RTE_LIBRTE_PMD_KASUMI\)=n,\1=y,' build/.config 84 make 85 86 87To use the PMD in an application, user must: 88 89* Call rte_vdev_init("crypto_kasumi") within the application. 90 91* Use --vdev="crypto_kasumi" in the EAL options, which will call rte_vdev_init() internally. 92 93The following parameters (all optional) can be provided in the previous two calls: 94 95* socket_id: Specify the socket where the memory for the device is going to be allocated 96 (by default, socket_id will be the socket where the core that is creating the PMD is running on). 97 98* max_nb_queue_pairs: Specify the maximum number of queue pairs in the device (8 by default). 99 100* max_nb_sessions: Specify the maximum number of sessions that can be created (2048 by default). 101 102Example: 103 104.. code-block:: console 105 106 ./l2fwd-crypto -l 1 -n 4 --vdev="crypto_kasumi,socket_id=0,max_nb_sessions=128" \ 107 -- -p 1 --cdev SW --chain CIPHER_ONLY --cipher_algo "kasumi-f8" 108 109Extra notes on KASUMI F9 110------------------------ 111 112When using KASUMI F9 authentication algorithm, the input buffer must be 113constructed according to the 3GPP KASUMI specifications (section 4.4, page 13): 114`<http://cryptome.org/3gpp/35201-900.pdf>`_. 115Input buffer has to have COUNT (4 bytes), FRESH (4 bytes), MESSAGE and DIRECTION (1 bit) 116concatenated. After the DIRECTION bit, a single '1' bit is appended, followed by 117between 0 and 7 '0' bits, so that the total length of the buffer is multiple of 8 bits. 118Note that the actual message can be any length, specified in bits. 119 120Once this buffer is passed this way, when creating the crypto operation, 121length of data to authenticate (op.sym.auth.data.length) must be the length 122of all the items described above, including the padding at the end. 123Also, offset of data to authenticate (op.sym.auth.data.offset) 124must be such that points at the start of the COUNT bytes. 125