1.. SPDX-License-Identifier: BSD-3-Clause 2 Copyright(c) 2016 Intel Corporation. 3 4OpenSSL Crypto Poll Mode Driver 5=============================== 6 7This code provides the initial implementation of the openssl poll mode 8driver. All cryptography operations are using Openssl library crypto API. 9Each algorithm uses EVP interface from openssl API - which is recommended 10by Openssl maintainers. 11 12For more details about openssl library please visit openssl webpage: 13https://www.openssl.org/ 14 15Features 16-------- 17 18OpenSSL PMD has support for: 19 20Supported cipher algorithms: 21 22* ``RTE_CRYPTO_CIPHER_3DES_CBC`` 23* ``RTE_CRYPTO_CIPHER_AES_CBC`` 24* ``RTE_CRYPTO_CIPHER_AES_CTR`` 25* ``RTE_CRYPTO_CIPHER_3DES_CTR`` 26* ``RTE_CRYPTO_CIPHER_DES_DOCSISBPI`` 27 28Supported authentication algorithms: 29 30* ``RTE_CRYPTO_AUTH_AES_GMAC`` 31* ``RTE_CRYPTO_AUTH_MD5`` 32* ``RTE_CRYPTO_AUTH_SHA1`` 33* ``RTE_CRYPTO_AUTH_SHA224`` 34* ``RTE_CRYPTO_AUTH_SHA256`` 35* ``RTE_CRYPTO_AUTH_SHA384`` 36* ``RTE_CRYPTO_AUTH_SHA512`` 37* ``RTE_CRYPTO_AUTH_MD5_HMAC`` 38* ``RTE_CRYPTO_AUTH_SHA1_HMAC`` 39* ``RTE_CRYPTO_AUTH_SHA224_HMAC`` 40* ``RTE_CRYPTO_AUTH_SHA256_HMAC`` 41* ``RTE_CRYPTO_AUTH_SHA384_HMAC`` 42* ``RTE_CRYPTO_AUTH_SHA512_HMAC`` 43 44Supported AEAD algorithms: 45 46* ``RTE_CRYPTO_AEAD_AES_GCM`` 47* ``RTE_CRYPTO_AEAD_AES_CCM`` 48 49Supported Asymmetric Crypto algorithms: 50 51* ``RTE_CRYPTO_ASYM_XFORM_RSA`` 52* ``RTE_CRYPTO_ASYM_XFORM_DSA`` 53* ``RTE_CRYPTO_ASYM_XFORM_DH`` 54* ``RTE_CRYPTO_ASYM_XFORM_MODINV`` 55* ``RTE_CRYPTO_ASYM_XFORM_MODEX`` 56* ``RTE_CRYPTO_ASYM_XFORM_SM2`` 57 58 59Installation 60------------ 61 62To compile the OpenSSL PMD the openssl library must be installed. It will 63then be picked up by the Meson/Ninja build system. 64 65To ensure that you have the latest security fixes it is recommended that you 66use version 1.1.1g or newer. 67 68* 1.1.1g, 2020-Apr-21. https://www.openssl.org/source/ 69 70Initialization 71-------------- 72 73User can use app/test application to check how to use this PMD and to verify 74crypto processing. 75 76Test name is cryptodev_openssl_autotest. 77For asymmetric crypto operations testing, run cryptodev_openssl_asym_autotest. 78 79To verify real traffic l2fwd-crypto example can be used with this command: 80 81.. code-block:: console 82 83 sudo ./<build_dir>/examples/dpdk-l2fwd-crypto -l 0-1 -n 4 --vdev "crypto_openssl" 84 --vdev "crypto_openssl"-- -p 0x3 --chain CIPHER_HASH 85 --cipher_op ENCRYPT --cipher_algo AES_CBC 86 --cipher_key 00:01:02:03:04:05:06:07:08:09:0a:0b:0c:0d:0e:0f 87 --iv 00:01:02:03:04:05:06:07:08:09:0a:0b:0c:0d:0e:ff 88 --auth_op GENERATE --auth_algo SHA1_HMAC 89 --auth_key 11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11 90 :11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11 91 :11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11 92 93Limitations 94----------- 95 96* Maximum number of sessions is 2048. 97* Chained mbufs are supported only for source mbuf (destination must be 98 contiguous). 99* Hash only is not supported for GCM and GMAC. 100* Cipher only is not supported for GCM and GMAC. 101