1.. SPDX-License-Identifier: BSD-3-Clause 2 Copyright(c) 2016 Intel Corporation. 3 4OpenSSL Crypto Poll Mode Driver 5=============================== 6 7This code provides the initial implementation of the openssl poll mode 8driver. All cryptography operations are using Openssl library crypto API. 9Each algorithm uses EVP interface from openssl API - which is recommended 10by Openssl maintainers. 11 12For more details about openssl library please visit openssl webpage: 13https://www.openssl.org/ 14 15Features 16-------- 17 18OpenSSL PMD has support for: 19 20Supported cipher algorithms: 21 22* ``RTE_CRYPTO_CIPHER_3DES_CBC`` 23* ``RTE_CRYPTO_CIPHER_AES_CBC`` 24* ``RTE_CRYPTO_CIPHER_AES_CTR`` 25* ``RTE_CRYPTO_CIPHER_3DES_CTR`` 26* ``RTE_CRYPTO_CIPHER_DES_DOCSISBPI`` 27 28Supported authentication algorithms: 29 30* ``RTE_CRYPTO_AUTH_AES_GMAC`` 31* ``RTE_CRYPTO_AUTH_MD5`` 32* ``RTE_CRYPTO_AUTH_SHA1`` 33* ``RTE_CRYPTO_AUTH_SHA224`` 34* ``RTE_CRYPTO_AUTH_SHA256`` 35* ``RTE_CRYPTO_AUTH_SHA384`` 36* ``RTE_CRYPTO_AUTH_SHA512`` 37* ``RTE_CRYPTO_AUTH_MD5_HMAC`` 38* ``RTE_CRYPTO_AUTH_SHA1_HMAC`` 39* ``RTE_CRYPTO_AUTH_SHA224_HMAC`` 40* ``RTE_CRYPTO_AUTH_SHA256_HMAC`` 41* ``RTE_CRYPTO_AUTH_SHA384_HMAC`` 42* ``RTE_CRYPTO_AUTH_SHA512_HMAC`` 43 44Supported AEAD algorithms: 45 46* ``RTE_CRYPTO_AEAD_AES_GCM`` 47* ``RTE_CRYPTO_AEAD_AES_CCM`` 48 49 50Installation 51------------ 52 53To compile openssl PMD, it has to be enabled in the config/common_base file 54and appropriate openssl packages have to be installed in the build environment. 55 56The newest openssl library version is supported: 57 58* 1.0.2h-fips 3 May 2016. 59 60Older versions that were also verified: 61 62* 1.0.1f 6 Jan 2014 63* 1.0.1 14 Mar 2012 64 65For Ubuntu 14.04 LTS these packages have to be installed in the build system: 66 67.. code-block:: console 68 69 sudo apt-get install openssl 70 sudo apt-get install libc6-dev-i386 # for i686-native-linuxapp-gcc target 71 72This code was also verified on Fedora 24. 73This code has NOT been verified on FreeBSD yet. 74 75Initialization 76-------------- 77 78User can use app/test application to check how to use this pmd and to verify 79crypto processing. 80 81Test name is cryptodev_openssl_autotest. 82For performance test cryptodev_openssl_perftest can be used. 83For asymmetric crypto operations testing, run cryptodev_openssl_asym_autotest. 84 85To verify real traffic l2fwd-crypto example can be used with this command: 86 87.. code-block:: console 88 89 sudo ./build/l2fwd-crypto -l 0-1 -n 4 --vdev "crypto_openssl" 90 --vdev "crypto_openssl"-- -p 0x3 --chain CIPHER_HASH 91 --cipher_op ENCRYPT --cipher_algo AES_CBC 92 --cipher_key 00:01:02:03:04:05:06:07:08:09:0a:0b:0c:0d:0e:0f 93 --iv 00:01:02:03:04:05:06:07:08:09:0a:0b:0c:0d:0e:ff 94 --auth_op GENERATE --auth_algo SHA1_HMAC 95 --auth_key 11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11 96 :11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11 97 :11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11 98 99Limitations 100----------- 101 102* Maximum number of sessions is 2048. 103* Chained mbufs are supported only for source mbuf (destination must be 104 contiguous). 105* Hash only is not supported for GCM and GMAC. 106* Cipher only is not supported for GCM and GMAC. 107