xref: /dpdk/doc/guides/cryptodevs/mvsam.rst (revision e977e4199a8d6bab72cf94e154adcad1fb964e5e) 
1..  BSD LICENSE
2    Copyright(c) 2017 Marvell International Ltd.
3    Copyright(c) 2017 Semihalf.
4    All rights reserved.
5
6    Redistribution and use in source and binary forms, with or without
7    modification, are permitted provided that the following conditions
8    are met:
9
10      * Redistributions of source code must retain the above copyright
11        notice, this list of conditions and the following disclaimer.
12      * Redistributions in binary form must reproduce the above copyright
13        notice, this list of conditions and the following disclaimer in
14        the documentation and/or other materials provided with the
15        distribution.
16      * Neither the name of the copyright holder nor the names of its
17        contributors may be used to endorse or promote products derived
18        from this software without specific prior written permission.
19
20    THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21    "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
22    LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
23    A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
24    OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
25    SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
26    LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
27    DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
28    THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
29    (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
30    OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31
32MVSAM Crypto Poll Mode Driver
33=============================
34
35The MVSAM CRYPTO PMD (**librte_crypto_mvsam_pmd**) provides poll mode crypto driver
36support by utilizing MUSDK library, which provides cryptographic operations
37acceleration by using Security Acceleration Engine (EIP197) directly from
38user-space with minimum overhead and high performance.
39
40Features
41--------
42
43MVSAM CRYPTO PMD has support for:
44
45* Symmetric crypto
46* Sym operation chaining
47* AES CBC (128)
48* AES CBC (192)
49* AES CBC (256)
50* AES CTR (128)
51* AES CTR (192)
52* AES CTR (256)
53* 3DES CBC
54* 3DES CTR
55* MD5
56* MD5 HMAC
57* SHA1
58* SHA1 HMAC
59* SHA256
60* SHA256 HMAC
61* SHA384
62* SHA384 HMAC
63* SHA512
64* SHA512 HMAC
65* AES GCM (128)
66
67Limitations
68-----------
69
70* Hardware only supports scenarios where ICV (digest buffer) is placed just
71  after the authenticated data. Other placement will result in error.
72
73Installation
74------------
75
76MVSAM CRYPTO PMD driver compilation is disabled by default due to external dependencies.
77Currently there are two driver specific compilation options in
78``config/common_base`` available:
79
80- ``CONFIG_RTE_LIBRTE_MVSAM_CRYPTO`` (default ``n``)
81
82    Toggle compilation of the librte_pmd_mvsam driver.
83
84- ``CONFIG_RTE_LIBRTE_MVSAM_CRYPTO_DEBUG`` (default ``n``)
85
86    Toggle display of debugging messages.
87
88For a list of prerequisites please refer to `Prerequisites` section in
89:ref:`MVPP2 Poll Mode Driver <mvpp2_poll_mode_driver>` guide.
90
91MVSAM CRYPTO PMD requires MUSDK built with EIP197 support thus following
92extra option must be passed to the library configuration script:
93
94.. code-block:: console
95
96   --enable-sam
97
98For `crypto_safexcel.ko` module build instructions please refer
99to `doc/musdk_get_started.txt`.
100
101Initialization
102--------------
103
104After successfully building MVSAM CRYPTO PMD, the following modules need to be
105loaded:
106
107.. code-block:: console
108
109   insmod musdk_uio.ko
110   insmod mvpp2x_sysfs.ko
111   insmod mv_pp_uio.ko
112   insmod mv_sam_uio.ko
113   insmod crypto_safexcel.ko
114
115The following parameters (all optional) are exported by the driver:
116
117* max_nb_queue_pairs: maximum number of queue pairs in the device (8 by default).
118* max_nb_sessions: maximum number of sessions that can be created (2048 by default).
119* socket_id: socket on which to allocate the device resources on.
120
121l2fwd-crypto example application can be used to verify MVSAM CRYPTO PMD
122operation:
123
124.. code-block:: console
125
126   ./l2fwd-crypto --vdev=eth_mvpp2,iface=eth0 --vdev=crypto_mvsam -- \
127     --cipher_op ENCRYPT --cipher_algo aes-cbc \
128     --cipher_key 00:01:02:03:04:05:06:07:08:09:0a:0b:0c:0d:0e:0f  \
129     --auth_op GENERATE --auth_algo sha1-hmac \
130     --auth_key 10:11:12:13:14:15:16:17:18:19:1a:1b:1c:1d:1e:1f
131
132Example output:
133
134.. code-block:: console
135
136   [...]
137   AAD: at [0x7f253ceb80], len=
138   P ID 0 configuration ----
139   Port mode               : KR
140   MAC status              : disabled
141   Link status             : link up
142   Port speed              : 10G
143   Port duplex             : full
144   Port: Egress enable tx_port_num=16 qmap=0x1
145   PORT: Port0 - link
146   P ID 0 configuration ----
147   Port mode               : KR
148   MAC status              : disabled
149   Link status             : link down
150   Port speed              : 10G
151   Port duplex             : full
152   Port: Egress enable tx_port_num=16 qmap=0x1
153   Port 0, MAC address: 00:50:43:02:21:20
154
155
156   Checking link statusdone
157   Port 0 Link Up - speed 0 Mbps - full-duplex
158   Lcore 0: RX port 0
159   Allocated session pool on socket 0
160   eip197: 0:0 registers: paddr: 0xf2880000, vaddr: 0x0x7f56a80000
161   DMA buffer (131136 bytes) for CDR #0 allocated: paddr = 0xb0585e00, vaddr = 0x7f09384e00
162   DMA buffer (131136 bytes) for RDR #0 allocated: paddr = 0xb05a5f00, vaddr = 0x7f093a4f00
163   DMA buffers allocated for 2049 operations. Tokens - 256 bytes
164   Lcore 0: cryptodev 0
165   L2FWD: lcore 1 has nothing to do
166   L2FWD: lcore 2 has nothing to do
167   L2FWD: lcore 3 has nothing to do
168   L2FWD: entering main loop on lcore 0
169   L2FWD:  -- lcoreid=0 portid=0
170   L2FWD:  -- lcoreid=0 cryptoid=0
171   Options:-
172   nportmask: ffffffff
173   ports per lcore: 1
174   refresh period : 10000
175   single lcore mode: disabled
176   stats_printing: enabled
177   sessionless crypto: disabled
178
179   Crypto chain: Input --> Encrypt --> Auth generate --> Output
180
181   ---- Cipher information ---
182   Algorithm: aes-cbc
183   Cipher key: at [0x7f56db4e80], len=16
184   00000000: 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ................
185   IV: at [0x7f56db4b80], len=16
186   00000000: 20 F0 63 0E 45 EB 2D 84 72 D4 13 6E 36 B5 AF FE |  .c.E.-.r..n6...
187
188   ---- Authentication information ---
189   Algorithm: sha1-hmac
190   Auth key: at [0x7f56db4d80], len=16
191   00000000: 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F | ................
192   IV: at [0x7f56db4a80], len=0
193   AAD: at [0x7f253ceb80], len=
194