diff options
author | Luca Boccassi <luca.boccassi@gmail.com> | 2017-08-16 18:42:05 +0100 |
---|---|---|
committer | Luca Boccassi <luca.boccassi@gmail.com> | 2017-08-16 18:46:04 +0100 |
commit | f239aed5e674965691846e8ce3f187dd47523689 (patch) | |
tree | a153a3125c6e183c73871a8ecaa4b285fed5fbd5 /doc/guides/cryptodevs | |
parent | bf7567fd2a5b0b28ab724046143c24561d38d015 (diff) |
New upstream version 17.08
Change-Id: I288b50990f52646089d6b1f3aaa6ba2f091a51d7
Signed-off-by: Luca Boccassi <luca.boccassi@gmail.com>
Diffstat (limited to 'doc/guides/cryptodevs')
-rw-r--r-- | doc/guides/cryptodevs/aesni_gcm.rst | 66 | ||||
-rw-r--r-- | doc/guides/cryptodevs/aesni_mb.rst | 26 | ||||
-rw-r--r-- | doc/guides/cryptodevs/armv8.rst | 4 | ||||
-rw-r--r-- | doc/guides/cryptodevs/dpaa2_sec.rst | 11 | ||||
-rw-r--r-- | doc/guides/cryptodevs/features/aesni_gcm.ini | 5 | ||||
-rw-r--r-- | doc/guides/cryptodevs/features/dpaa2_sec.ini | 8 | ||||
-rw-r--r-- | doc/guides/cryptodevs/kasumi.rst | 34 | ||||
-rw-r--r-- | doc/guides/cryptodevs/null.rst | 3 | ||||
-rw-r--r-- | doc/guides/cryptodevs/openssl.rst | 4 | ||||
-rw-r--r-- | doc/guides/cryptodevs/qat.rst | 55 | ||||
-rw-r--r-- | doc/guides/cryptodevs/scheduler.rst | 33 | ||||
-rw-r--r-- | doc/guides/cryptodevs/snow3g.rst | 14 | ||||
-rw-r--r-- | doc/guides/cryptodevs/zuc.rst | 6 |
13 files changed, 210 insertions, 59 deletions
diff --git a/doc/guides/cryptodevs/aesni_gcm.rst b/doc/guides/cryptodevs/aesni_gcm.rst index 84cdc52a..6e9160aa 100644 --- a/doc/guides/cryptodevs/aesni_gcm.rst +++ b/doc/guides/cryptodevs/aesni_gcm.rst @@ -1,5 +1,5 @@ .. BSD LICENSE - Copyright(c) 2016 Intel Corporation. All rights reserved. + Copyright(c) 2016-2017 Intel Corporation. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions @@ -32,36 +32,68 @@ AES-NI GCM Crypto Poll Mode Driver The AES-NI GCM PMD (**librte_pmd_aesni_gcm**) provides poll mode crypto driver -support for utilizing Intel ISA-L crypto library, which provides operation acceleration -through the AES-NI instruction sets for AES-GCM authenticated cipher algorithm. +support for utilizing Intel multi buffer library (see AES-NI Multi-buffer PMD documentation +to learn more about it, including installation). Features -------- AESNI GCM PMD has support for: -Cipher algorithms: - -* RTE_CRYPTO_CIPHER_AES_GCM - Authentication algorithms: -* RTE_CRYPTO_AUTH_AES_GCM * RTE_CRYPTO_AUTH_AES_GMAC +AEAD algorithms: + +* RTE_CRYPTO_AEAD_AES_GCM + + +Limitations +----------- + +* Chained mbufs are supported but only out-of-place (destination mbuf must be contiguous). +* Cipher only is not supported. + + Installation ------------ -To build DPDK with the AESNI_GCM_PMD the user is required to install -the ``libisal_crypto`` library in the build environment. -For download and more details please visit `<https://github.com/01org/isa-l_crypto>`_. +To build DPDK with the AESNI_GCM_PMD the user is required to download the multi-buffer +library from `here <https://github.com/01org/intel-ipsec-mb>`_ +and compile it on their user system before building DPDK. +The latest version of the library supported by this PMD is v0.46, which +can be downloaded in `<https://github.com/01org/intel-ipsec-mb/archive/v0.46.zip>`_. + +.. code-block:: console + + make + +As a reference, the following table shows a mapping between the past DPDK versions +and the external crypto libraries supported by them: + +.. _table_aesni_gcm_versions: + +.. table:: DPDK and external crypto library version compatibility + + ============= ================================ + DPDK version Crypto library version + ============= ================================ + 16.04 - 16.11 Multi-buffer library 0.43 - 0.44 + 17.02 - 17.05 ISA-L Crypto v2.18 + 17.08+ Multi-buffer library 0.46+ + ============= ================================ + Initialization -------------- In order to enable this virtual crypto PMD, user must: -* Install the ISA-L crypto library (explained in Installation section). +* Export the environmental variable AESNI_MULTI_BUFFER_LIB_PATH with the path where + the library was extracted. + +* Build the multi buffer library (explained in Installation section). * Set CONFIG_RTE_LIBRTE_PMD_AESNI_GCM=y in config/common_base. @@ -84,11 +116,5 @@ Example: .. code-block:: console - ./l2fwd-crypto -l 6 -n 4 --vdev="crypto_aesni_gcm,socket_id=1,max_nb_sessions=128" - -Limitations ------------ - -* Chained mbufs are supported but only out-of-place (destination mbuf must be contiguous). -* Hash only is not supported. -* Cipher only is not supported. + ./l2fwd-crypto -l 1 -n 4 --vdev="crypto_aesni_gcm,socket_id=0,max_nb_sessions=128" \ + -- -p 1 --cdev SW --chain AEAD --aead_algo "aes-gcm" diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst index ecb52a10..b3b937fe 100644 --- a/doc/guides/cryptodevs/aesni_mb.rst +++ b/doc/guides/cryptodevs/aesni_mb.rst @@ -1,5 +1,5 @@ .. BSD LICENSE - Copyright(c) 2015 Intel Corporation. All rights reserved. + Copyright(c) 2015-2017 Intel Corporation. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions @@ -68,7 +68,7 @@ Limitations * Chained mbufs are not supported. * Only in-place is currently supported (destination address is the same as source address). -* Only supports session-oriented API implementation (session-less APIs are not supported). + Installation ------------ @@ -76,8 +76,8 @@ Installation To build DPDK with the AESNI_MB_PMD the user is required to download the multi-buffer library from `here <https://github.com/01org/intel-ipsec-mb>`_ and compile it on their user system before building DPDK. -The latest version of the library supported by this PMD is v0.45, which -can be downloaded in `<https://github.com/01org/intel-ipsec-mb/archive/v0.45.zip>`_. +The latest version of the library supported by this PMD is v0.46, which +can be downloaded in `<https://github.com/01org/intel-ipsec-mb/archive/v0.46.zip>`_. .. code-block:: console @@ -95,7 +95,7 @@ and the Multi-Buffer library version supported by them: ============= ============================ 2.2 - 16.11 0.43 - 0.44 17.02 0.44 - 17.05 0.45 + 17.05+ 0.45+ ============= ============================ @@ -130,4 +130,18 @@ Example: .. code-block:: console - ./l2fwd-crypto -l 6 -n 4 --vdev="crypto_aesni_mb,socket_id=1,max_nb_sessions=128" + ./l2fwd-crypto -l 1 -n 4 --vdev="crypto_aesni_mb,socket_id=0,max_nb_sessions=128" \ + -- -p 1 --cdev SW --chain CIPHER_HASH --cipher_algo "aes-cbc" --auth_algo "sha1-hmac" + +Extra notes +----------- + +For AES Counter mode (AES-CTR), the library supports two different sizes for Initialization +Vector (IV): + +* 12 bytes: used mainly for IPSec, as it requires 12 bytes from the user, which internally + are appended the counter block (4 bytes), which is set to 1 for the first block + (no padding required from the user) + +* 16 bytes: when passing 16 bytes, the library will take them and use the last 4 bytes + as the initial counter block for the first block. diff --git a/doc/guides/cryptodevs/armv8.rst b/doc/guides/cryptodevs/armv8.rst index de63793f..b1107114 100644 --- a/doc/guides/cryptodevs/armv8.rst +++ b/doc/guides/cryptodevs/armv8.rst @@ -1,5 +1,5 @@ .. BSD LICENSE - Copyright (C) Cavium networks Ltd. 2017. + Copyright (C) Cavium, Inc. 2017. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions @@ -11,7 +11,7 @@ notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. - * Neither the name of Cavium networks nor the names of its + * Neither the name of Cavium, Inc nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. diff --git a/doc/guides/cryptodevs/dpaa2_sec.rst b/doc/guides/cryptodevs/dpaa2_sec.rst index becb910e..18d980eb 100644 --- a/doc/guides/cryptodevs/dpaa2_sec.rst +++ b/doc/guides/cryptodevs/dpaa2_sec.rst @@ -1,5 +1,5 @@ .. BSD LICENSE - Copyright(c) 2016 NXP. All rights reserved. + Copyright 2016 NXP. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions @@ -126,7 +126,7 @@ fits in the DPAA2 Bus model Features -------- -The DPAA2 PMD has support for: +The DPAA2_SEC PMD has support for: Cipher algorithms: @@ -134,6 +134,9 @@ Cipher algorithms: * ``RTE_CRYPTO_CIPHER_AES128_CBC`` * ``RTE_CRYPTO_CIPHER_AES192_CBC`` * ``RTE_CRYPTO_CIPHER_AES256_CBC`` +* ``RTE_CRYPTO_CIPHER_AES128_CTR`` +* ``RTE_CRYPTO_CIPHER_AES192_CTR`` +* ``RTE_CRYPTO_CIPHER_AES256_CTR`` Hash algorithms: @@ -144,6 +147,10 @@ Hash algorithms: * ``RTE_CRYPTO_AUTH_SHA512_HMAC`` * ``RTE_CRYPTO_AUTH_MD5_HMAC`` +AEAD algorithms: + +* ``RTE_CRYPTO_AEAD_AES_GCM`` + Supported DPAA2 SoCs -------------------- diff --git a/doc/guides/cryptodevs/features/aesni_gcm.ini b/doc/guides/cryptodevs/features/aesni_gcm.ini index 5d9e119d..bacd94e3 100644 --- a/doc/guides/cryptodevs/features/aesni_gcm.ini +++ b/doc/guides/cryptodevs/features/aesni_gcm.ini @@ -7,7 +7,9 @@ Symmetric crypto = Y Sym operation chaining = Y CPU AESNI = Y - +CPU SSE = Y +CPU AVX = Y +CPU AVX2 = Y ; ; Supported crypto algorithms of the 'aesni_gcm' crypto driver. ; @@ -24,4 +26,5 @@ AES GMAC = Y ; [AEAD] AES GCM (128) = Y +AES GCM (192) = Y AES GCM (256) = Y diff --git a/doc/guides/cryptodevs/features/dpaa2_sec.ini b/doc/guides/cryptodevs/features/dpaa2_sec.ini index db0ea4f9..c3bb3ddc 100644 --- a/doc/guides/cryptodevs/features/dpaa2_sec.ini +++ b/doc/guides/cryptodevs/features/dpaa2_sec.ini @@ -15,6 +15,9 @@ HW Accelerated = Y AES CBC (128) = Y AES CBC (192) = Y AES CBC (256) = Y +AES CTR (128) = Y +AES CTR (192) = Y +AES CTR (256) = Y 3DES CBC = Y ; @@ -29,6 +32,9 @@ SHA384 HMAC = Y SHA512 HMAC = Y ; -; Supported AEAD algorithms of the 'openssl' crypto driver. +; Supported AEAD algorithms of the 'dpaa2_sec' crypto driver. ; [AEAD] +AES GCM (128) = Y +AES GCM (192) = Y +AES GCM (256) = Y diff --git a/doc/guides/cryptodevs/kasumi.rst b/doc/guides/cryptodevs/kasumi.rst index bff9321e..573312b4 100644 --- a/doc/guides/cryptodevs/kasumi.rst +++ b/doc/guides/cryptodevs/kasumi.rst @@ -51,7 +51,7 @@ Limitations ----------- * Chained mbufs are not supported. -* KASUMI(F9) supported only if hash offset field is byte-aligned. +* KASUMI(F9) supported only if hash offset and length field is byte-aligned. * In-place bit-level operations for KASUMI(F8) are not supported (if length and/or offset of data to be ciphered is not byte-aligned). @@ -70,6 +70,18 @@ on their system before building DPDK:: make +**Note**: When encrypting with KASUMI F8, by default the library +encrypts full blocks of 8 bytes, regardless the number of bytes to +be encrypted provided (which leads to a possible buffer overflow). +To avoid this situation, it is necessary not to pass +3GPP_SAFE_BUFFERS as a compilation flag. +Also, this is required when using chained operations +(cipher-then-auth/auth-then-cipher). +For this, in the Makefile of the library, make sure that this flag +is commented out:: + + #EXTRA_CFLAGS += -D_3GPP_SAFE_BUFFERS + **Note**: To build the PMD as a shared library, the libsso_kasumi library must be built as follows:: @@ -107,4 +119,22 @@ Example: .. code-block:: console - ./l2fwd-crypto -l 6 -n 4 --vdev="crypto_kasumi,socket_id=1,max_nb_sessions=128" + ./l2fwd-crypto -l 1 -n 4 --vdev="crypto_kasumi,socket_id=0,max_nb_sessions=128" \ + -- -p 1 --cdev SW --chain CIPHER_ONLY --cipher_algo "kasumi-f8" + +Extra notes on KASUMI F9 +------------------------ + +When using KASUMI F9 authentication algorithm, the input buffer must be +constructed according to the 3GPP KASUMI specifications (section 4.4, page 13): +`<http://cryptome.org/3gpp/35201-900.pdf>`_. +Input buffer has to have COUNT (4 bytes), FRESH (4 bytes), MESSAGE and DIRECTION (1 bit) +concatenated. After the DIRECTION bit, a single '1' bit is appended, followed by +between 0 and 7 '0' bits, so that the total length of the buffer is multiple of 8 bits. +Note that the actual message can be any length, specified in bits. + +Once this buffer is passed this way, when creating the crypto operation, +length of data to authenticate (op.sym.auth.data.length) must be the length +of all the items described above, including the padding at the end. +Also, offset of data to authenticate (op.sym.auth.data.offset) +must be such that points at the start of the COUNT bytes. diff --git a/doc/guides/cryptodevs/null.rst b/doc/guides/cryptodevs/null.rst index 4a3bfdfd..03a3ddc0 100644 --- a/doc/guides/cryptodevs/null.rst +++ b/doc/guides/cryptodevs/null.rst @@ -93,4 +93,5 @@ Example: .. code-block:: console - ./l2fwd-crypto -l 6 -n 4 --vdev="crypto_null,socket_id=1,max_nb_sessions=128" + ./l2fwd-crypto -l 1 -n 4 --vdev="crypto_null,socket_id=0,max_nb_sessions=128" \ + -- -p 1 --cdev SW --chain CIPHER_ONLY --cipher_algo "null" diff --git a/doc/guides/cryptodevs/openssl.rst b/doc/guides/cryptodevs/openssl.rst index e3419151..f18a4567 100644 --- a/doc/guides/cryptodevs/openssl.rst +++ b/doc/guides/cryptodevs/openssl.rst @@ -48,7 +48,6 @@ Supported cipher algorithms: * ``RTE_CRYPTO_CIPHER_AES_CBC`` * ``RTE_CRYPTO_CIPHER_AES_CTR`` * ``RTE_CRYPTO_CIPHER_3DES_CTR`` -* ``RTE_CRYPTO_CIPHER_AES_GCM`` * ``RTE_CRYPTO_CIPHER_DES_DOCSISBPI`` Supported authentication algorithms: @@ -66,6 +65,9 @@ Supported authentication algorithms: * ``RTE_CRYPTO_AUTH_SHA384_HMAC`` * ``RTE_CRYPTO_AUTH_SHA512_HMAC`` +Supported AEAD algorithms: +* ``RTE_CRYPTO_AEAD_AES_GCM`` + Installation ------------ diff --git a/doc/guides/cryptodevs/qat.rst b/doc/guides/cryptodevs/qat.rst index 21b56fc6..a3fce7b8 100644 --- a/doc/guides/cryptodevs/qat.rst +++ b/doc/guides/cryptodevs/qat.rst @@ -55,7 +55,6 @@ Cipher algorithms: * ``RTE_CRYPTO_CIPHER_AES192_CTR`` * ``RTE_CRYPTO_CIPHER_AES256_CTR`` * ``RTE_CRYPTO_CIPHER_SNOW3G_UEA2`` -* ``RTE_CRYPTO_CIPHER_AES_GCM`` * ``RTE_CRYPTO_CIPHER_NULL`` * ``RTE_CRYPTO_CIPHER_KASUMI_F8`` * ``RTE_CRYPTO_CIPHER_DES_CBC`` @@ -78,14 +77,16 @@ Hash algorithms: * ``RTE_CRYPTO_AUTH_AES_GMAC`` * ``RTE_CRYPTO_AUTH_ZUC_EIA3`` +Supported AEAD algorithms: +* ``RTE_CRYPTO_AEAD_AES_GCM`` + Limitations ----------- -* Hash only is not supported except SNOW 3G UIA2 and KASUMI F9. * Only supports the session-oriented API implementation (session-less APIs are not supported). -* SNOW 3G (UEA2) and KASUMI (F8) supported only if cipher length, cipher offset fields are byte-aligned. -* SNOW 3G (UIA2) and KASUMI (F9) supported only if hash length, hash offset fields are byte-aligned. +* SNOW 3G (UEA2), KASUMI (F8) and ZUC (EEA3) supported only if cipher length and offset fields are byte-multiple. +* SNOW 3G (UIA2) and ZUC (EIA3) supported only if hash length and offset fields are byte-multiple. * No BSD support as BSD QAT kernel driver not available. * ZUC EEA3/EIA3 is not supported by dh895xcc devices * Maximum additional authenticated data (AAD) for GCM is 240 bytes long. @@ -112,21 +113,21 @@ available kernel drivers and device ids are : .. _table_qat_pmds_drivers: -.. table:: QAT devices and drivers +.. table:: QAT device generations, devices and drivers - +----------+--------+---------------+------------+--------+---------+--------+------------+ - | Device | Driver | Kernel Module | Pci Driver | PF Did | Num PFs | Vf Did | VFs per PF | - +==========+========+===============+============+========+=========+========+============+ - | DH895xCC | 01.org | icp_qa_al | n/a | 435 | 1 | 443 | 32 | - +----------+--------+---------------+------------+--------+---------+--------+------------+ - | DH895xCC | 4.4+ | qat_dh895xcc | dh895xcc | 435 | 1 | 443 | 32 | - +----------+--------+---------------+------------+--------+---------+--------+------------+ - | C62x | 4.5+ | qat_c62x | c6xx | 37c8 | 3 | 37c9 | 16 | - +----------+--------+---------------+------------+--------+---------+--------+------------+ - | C3xxx | 4.5+ | qat_c3xxx | c3xxx | 19e2 | 1 | 19e3 | 16 | - +----------+--------+---------------+------------+--------+---------+--------+------------+ - | D15xx | p | qat_d15xx | d15xx | 6f54 | 1 | 6f55 | 16 | - +----------+--------+---------------+------------+--------+---------+--------+------------+ + +-----+----------+--------+---------------+------------+--------+------+--------+--------+ + | Gen | Device | Driver | Kernel Module | Pci Driver | PF Did | #PFs | Vf Did | VFs/PF | + +=====+==========+========+===============+============+========+======+========+========+ + | 1 | DH895xCC | 01.org | icp_qa_al | n/a | 435 | 1 | 443 | 32 | + +-----+----------+--------+---------------+------------+--------+------+--------+--------+ + | 1 | DH895xCC | 4.4+ | qat_dh895xcc | dh895xcc | 435 | 1 | 443 | 32 | + +-----+----------+--------+---------------+------------+--------+------+--------+--------+ + | 2 | C62x | 4.5+ | qat_c62x | c6xx | 37c8 | 3 | 37c9 | 16 | + +-----+----------+--------+---------------+------------+--------+------+--------+--------+ + | 2 | C3xxx | 4.5+ | qat_c3xxx | c3xxx | 19e2 | 1 | 19e3 | 16 | + +-----+----------+--------+---------------+------------+--------+------+--------+--------+ + | 2 | D15xx | p | qat_d15xx | d15xx | 6f54 | 1 | 6f55 | 16 | + +-----+----------+--------+---------------+------------+--------+------+--------+--------+ The ``Driver`` column indicates either the Linux kernel version in which @@ -364,3 +365,21 @@ Another way to bind the VFs to the DPDK UIO driver is by using the cd to the top-level DPDK directory ./usertools/dpdk-devbind.py -b igb_uio 0000:03:01.1 + + +Extra notes on KASUMI F9 +------------------------ + +When using KASUMI F9 authentication algorithm, the input buffer must be +constructed according to the 3GPP KASUMI specifications (section 4.4, page 13): +`<http://cryptome.org/3gpp/35201-900.pdf>`_. +Input buffer has to have COUNT (4 bytes), FRESH (4 bytes), MESSAGE and DIRECTION (1 bit) +concatenated. After the DIRECTION bit, a single '1' bit is appended, followed by +between 0 and 7 '0' bits, so that the total length of the buffer is multiple of 8 bits. +Note that the actual message can be any length, specified in bits. + +Once this buffer is passed this way, when creating the crypto operation, +length of data to authenticate (op.sym.auth.data.length) must be the length +of all the items described above, including the padding at the end. +Also, offset of data to authenticate (op.sym.auth.data.offset) +must be such that points at the start of the COUNT bytes. diff --git a/doc/guides/cryptodevs/scheduler.rst b/doc/guides/cryptodevs/scheduler.rst index 32e56537..e7e0247b 100644 --- a/doc/guides/cryptodevs/scheduler.rst +++ b/doc/guides/cryptodevs/scheduler.rst @@ -72,9 +72,9 @@ Initialization To use the PMD in an application, user must: -* Call rte_vdev_init("crpyto_scheduler") within the application. +* Call rte_vdev_init("crypto_scheduler") within the application. -* Use --vdev="crpyto_scheduler" in the EAL options, which will call +* Use --vdev="crypto_scheduler" in the EAL options, which will call rte_vdev_init() internally. @@ -106,7 +106,7 @@ Example: .. code-block:: console - ... --vdev "crypto_aesni_mb_pmd,name=aesni_mb_1" --vdev "crypto_aesni_mb_pmd,name=aesni_mb_2" --vdev "crypto_scheduler_pmd,slave=aesni_mb_1,slave=aesni_mb_2" ... + ... --vdev "crypto_aesni_mb0,name=aesni_mb_1" --vdev "crypto_aesni_mb1,name=aesni_mb_2" --vdev "crypto_scheduler,slave=aesni_mb_1,slave=aesni_mb_2" ... .. note:: @@ -170,3 +170,30 @@ operation: crypto operation burst to the primary slave. When one or more crypto operations fail to be enqueued, then they will be enqueued to the secondary slave. + +* **CDEV_SCHED_MODE_MULTICORE:** + + *Initialization mode parameter*: **multi-core** + + Multi-core mode, which distributes the workload with several (up to eight) + worker cores. The enqueued bursts are distributed among the worker cores in a + round-robin manner. If scheduler cannot enqueue entire burst to the same worker, + it will enqueue the remaining operations to the next available worker. + For pure small packet size (64 bytes) traffic however the multi-core mode is not + an optimal solution, as it doesn't give significant per-core performance improvement. + For mixed traffic (IMIX) the optimal number of worker cores is around 2-3. + For large packets (1.5 Kbytes) scheduler shows linear scaling in performance + up to eight cores. + Each worker uses its own slave cryptodev. Only software cryptodevs + are supported. Only the same type of cryptodevs should be used concurrently. + + The multi-core mode uses one extra parameter: + + * corelist: Semicolon-separated list of logical cores to be used as workers. + The number of worker cores should be equal to the number of slave cryptodevs. + These cores should be present in EAL core list parameter and + should not be used by the application or any other process. + + Example: + ... --vdev "crypto_aesni_mb1,name=aesni_mb_1" --vdev "crypto_aesni_mb_pmd2,name=aesni_mb_2" \ + --vdev "crypto_scheduler,slave=aesni_mb_1,slave=aesni_mb_2,mode=multi-core,corelist=23;24" ... diff --git a/doc/guides/cryptodevs/snow3g.rst b/doc/guides/cryptodevs/snow3g.rst index 12b6c4af..8914e29c 100644 --- a/doc/guides/cryptodevs/snow3g.rst +++ b/doc/guides/cryptodevs/snow3g.rst @@ -69,6 +69,17 @@ on their system before building DPDK:: make snow3G +**Note**: When encrypting with SNOW3G UEA2, by default the library +encrypts blocks of 4 bytes, regardless the number of bytes to +be encrypted provided (which leads to a possible buffer overflow). +To avoid this situation, it is necessary not to pass +3GPP_SAFE_BUFFERS as a compilation flag. +For this, in the Makefile of the library, make sure that this flag +is commented out.:: + + #EXTRA_CFLAGS += -D_3GPP_SAFE_BUFFERS + + Initialization -------------- @@ -100,4 +111,5 @@ Example: .. code-block:: console - ./l2fwd-crypto -l 6 -n 4 --vdev="crypto_snow3g,socket_id=1,max_nb_sessions=128" + ./l2fwd-crypto -l 1 -n 4 --vdev="crypto_snow3g,socket_id=0,max_nb_sessions=128" \ + -- -p 1 --cdev SW --chain CIPHER_ONLY --cipher_algo "snow3g-uea2" diff --git a/doc/guides/cryptodevs/zuc.rst b/doc/guides/cryptodevs/zuc.rst index 6deb11ab..7fcfc077 100644 --- a/doc/guides/cryptodevs/zuc.rst +++ b/doc/guides/cryptodevs/zuc.rst @@ -79,6 +79,9 @@ In order to enable this virtual crypto PMD, user must: * Export the environmental variable LIBSSO_ZUC_PATH with the path where the library was extracted (zuc folder). +* Export the environmental variable LD_LIBRARY_PATH with the path + where the built libsso library is (LIBSSO_ZUC_PATH/build). + * Build the LIBSSO_ZUC library (explained in Installation section). * Build DPDK as follows: @@ -108,4 +111,5 @@ Example: .. code-block:: console - ./l2fwd-crypto -l 6 -n 4 --vdev="crypto_zuc,socket_id=1,max_nb_sessions=128" + ./l2fwd-crypto -l 1 -n 4 --vdev="crypto_zuc,socket_id=0,max_nb_sessions=128" \ + -- -p 1 --cdev SW --chain CIPHER_ONLY --cipher_algo "zuc-eea3" |