diff options
author | Christian Ehrhardt <christian.ehrhardt@canonical.com> | 2016-12-08 14:07:29 +0100 |
---|---|---|
committer | Christian Ehrhardt <christian.ehrhardt@canonical.com> | 2016-12-08 14:10:05 +0100 |
commit | 6b3e017e5d25f15da73f7700f7f2ac553ef1a2e9 (patch) | |
tree | 1b1fb3f903b2282e261ade69e3c17952b3fd3464 /doc/guides/cryptodevs | |
parent | 32e04ea00cd159613e04acef75e52bfca6eeff2f (diff) |
Imported Upstream version 16.11
Change-Id: I1944c65ddc88a9ad70f8c0eb6731552b84fbcb77
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Diffstat (limited to 'doc/guides/cryptodevs')
-rw-r--r-- | doc/guides/cryptodevs/aesni_gcm.rst | 6 | ||||
-rw-r--r-- | doc/guides/cryptodevs/aesni_mb.rst | 24 | ||||
-rw-r--r-- | doc/guides/cryptodevs/index.rst | 2 | ||||
-rw-r--r-- | doc/guides/cryptodevs/kasumi.rst | 18 | ||||
-rw-r--r-- | doc/guides/cryptodevs/null.rst | 6 | ||||
-rw-r--r-- | doc/guides/cryptodevs/openssl.rst | 117 | ||||
-rw-r--r-- | doc/guides/cryptodevs/qat.rst | 209 | ||||
-rw-r--r-- | doc/guides/cryptodevs/snow3g.rst | 16 | ||||
-rw-r--r-- | doc/guides/cryptodevs/zuc.rst | 111 |
9 files changed, 459 insertions, 50 deletions
diff --git a/doc/guides/cryptodevs/aesni_gcm.rst b/doc/guides/cryptodevs/aesni_gcm.rst index 7ff1c6b3..04bf43c2 100644 --- a/doc/guides/cryptodevs/aesni_gcm.rst +++ b/doc/guides/cryptodevs/aesni_gcm.rst @@ -64,9 +64,9 @@ In order to enable this virtual crypto PMD, user must: To use the PMD in an application, user must: -* Call rte_eal_vdev_init("cryptodev_aesni_gcm_pmd") within the application. +* Call rte_eal_vdev_init("crypto_aesni_gcm") within the application. -* Use --vdev="cryptodev_aesni_gcm_pmd" in the EAL options, which will call rte_eal_vdev_init() internally. +* Use --vdev="crypto_aesni_gcm" in the EAL options, which will call rte_eal_vdev_init() internally. The following parameters (all optional) can be provided in the previous two calls: @@ -81,7 +81,7 @@ Example: .. code-block:: console - ./l2fwd-crypto -c 40 -n 4 --vdev="cryptodev_aesni_gcm_pmd,socket_id=1,max_nb_sessions=128" + ./l2fwd-crypto -c 40 -n 4 --vdev="crypto_aesni_gcm,socket_id=1,max_nb_sessions=128" Limitations ----------- diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst index 60a89142..e812e957 100644 --- a/doc/guides/cryptodevs/aesni_mb.rst +++ b/doc/guides/cryptodevs/aesni_mb.rst @@ -45,18 +45,18 @@ AESNI MB PMD has support for: Cipher algorithms: -* RTE_CRYPTO_SYM_CIPHER_AES128_CBC -* RTE_CRYPTO_SYM_CIPHER_AES192_CBC -* RTE_CRYPTO_SYM_CIPHER_AES256_CBC -* RTE_CRYPTO_SYM_CIPHER_AES128_CTR -* RTE_CRYPTO_SYM_CIPHER_AES192_CTR -* RTE_CRYPTO_SYM_CIPHER_AES256_CTR +* RTE_CRYPTO_CIPHER_AES128_CBC +* RTE_CRYPTO_CIPHER_AES192_CBC +* RTE_CRYPTO_CIPHER_AES256_CBC +* RTE_CRYPTO_CIPHER_AES128_CTR +* RTE_CRYPTO_CIPHER_AES192_CTR +* RTE_CRYPTO_CIPHER_AES256_CTR Hash algorithms: -* RTE_CRYPTO_SYM_HASH_SHA1_HMAC -* RTE_CRYPTO_SYM_HASH_SHA256_HMAC -* RTE_CRYPTO_SYM_HASH_SHA512_HMAC +* RTE_CRYPTO_HASH_SHA1_HMAC +* RTE_CRYPTO_HASH_SHA256_HMAC +* RTE_CRYPTO_HASH_SHA512_HMAC Limitations ----------- @@ -96,9 +96,9 @@ In order to enable this virtual crypto PMD, user must: To use the PMD in an application, user must: -* Call rte_eal_vdev_init("cryptodev_aesni_mb_pmd") within the application. +* Call rte_eal_vdev_init("crypto_aesni_mb") within the application. -* Use --vdev="cryptodev_aesni_mb_pmd" in the EAL options, which will call rte_eal_vdev_init() internally. +* Use --vdev="crypto_aesni_mb" in the EAL options, which will call rte_eal_vdev_init() internally. The following parameters (all optional) can be provided in the previous two calls: @@ -113,4 +113,4 @@ Example: .. code-block:: console - ./l2fwd-crypto -c 40 -n 4 --vdev="cryptodev_aesni_mb_pmd,socket_id=1,max_nb_sessions=128" + ./l2fwd-crypto -c 40 -n 4 --vdev="crypto_aesni_mb,socket_id=1,max_nb_sessions=128" diff --git a/doc/guides/cryptodevs/index.rst b/doc/guides/cryptodevs/index.rst index 9616de1e..a6a9f23c 100644 --- a/doc/guides/cryptodevs/index.rst +++ b/doc/guides/cryptodevs/index.rst @@ -39,6 +39,8 @@ Crypto Device Drivers aesni_mb aesni_gcm kasumi + openssl null snow3g qat + zuc diff --git a/doc/guides/cryptodevs/kasumi.rst b/doc/guides/cryptodevs/kasumi.rst index 7346b217..90d8e7b3 100644 --- a/doc/guides/cryptodevs/kasumi.rst +++ b/doc/guides/cryptodevs/kasumi.rst @@ -41,11 +41,11 @@ KASUMI PMD has support for: Cipher algorithm: -* RTE_CRYPTO_SYM_CIPHER_KASUMI_F8 +* RTE_CRYPTO_CIPHER_KASUMI_F8 Authentication algorithm: -* RTE_CRYPTO_SYM_AUTH_KASUMI_F9 +* RTE_CRYPTO_AUTH_KASUMI_F9 Limitations ----------- @@ -68,7 +68,13 @@ and click on "Kasumi Bit Stream crypto library" link, to download the library. After downloading the library, the user needs to unpack and compile it on their system before building DPDK:: - make kasumi + make + +**Note**: To build the PMD as a shared library, the libsso_kasumi +library must be built as follows:: + + make KASUMI_CFLAGS=-DKASUMI_C + Initialization -------------- @@ -84,9 +90,9 @@ In order to enable this virtual crypto PMD, user must: To use the PMD in an application, user must: -* Call rte_eal_vdev_init("cryptodev_kasumi_pmd") within the application. +* Call rte_eal_vdev_init("crypto_kasumi") within the application. -* Use --vdev="cryptodev_kasumi_pmd" in the EAL options, which will call rte_eal_vdev_init() internally. +* Use --vdev="crypto_kasumi" in the EAL options, which will call rte_eal_vdev_init() internally. The following parameters (all optional) can be provided in the previous two calls: @@ -101,4 +107,4 @@ Example: .. code-block:: console - ./l2fwd-crypto -c 40 -n 4 --vdev="cryptodev_kasumi_pmd,socket_id=1,max_nb_sessions=128" + ./l2fwd-crypto -c 40 -n 4 --vdev="crypto_kasumi,socket_id=1,max_nb_sessions=128" diff --git a/doc/guides/cryptodevs/null.rst b/doc/guides/cryptodevs/null.rst index b68d4cd2..ec5bc70d 100644 --- a/doc/guides/cryptodevs/null.rst +++ b/doc/guides/cryptodevs/null.rst @@ -76,9 +76,9 @@ Initialization To use the PMD in an application, user must: -* Call rte_eal_vdev_init("cryptodev_null_pmd") within the application. +* Call rte_eal_vdev_init("crypto_null") within the application. -* Use --vdev="cryptodev_null_pmd" in the EAL options, which will call rte_eal_vdev_init() internally. +* Use --vdev="crypto_null" in the EAL options, which will call rte_eal_vdev_init() internally. The following parameters (all optional) can be provided in the previous two calls: @@ -93,4 +93,4 @@ Example: .. code-block:: console - ./l2fwd-crypto -c 40 -n 4 --vdev="cryptodev_null_pmd,socket_id=1,max_nb_sessions=128" + ./l2fwd-crypto -c 40 -n 4 --vdev="crypto_null,socket_id=1,max_nb_sessions=128" diff --git a/doc/guides/cryptodevs/openssl.rst b/doc/guides/cryptodevs/openssl.rst new file mode 100644 index 00000000..d2b5906d --- /dev/null +++ b/doc/guides/cryptodevs/openssl.rst @@ -0,0 +1,117 @@ +.. BSD LICENSE + Copyright(c) 2016 Intel Corporation. All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in + the documentation and/or other materials provided with the + distribution. + * Neither the name of Intel Corporation nor the names of its + contributors may be used to endorse or promote products derived + from this software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +OpenSSL Crypto Poll Mode Driver +=============================== + +This code provides the initial implementation of the openssl poll mode +driver. All cryptography operations are using Openssl library crypto API. +Each algorithm uses EVP interface from openssl API - which is recommended +by Openssl maintainers. + +For more details about openssl library please visit openssl webpage: +https://www.openssl.org/ + +Features +-------- + +OpenSSL PMD has support for: + +Supported cipher algorithms: +* ``RTE_CRYPTO_CIPHER_3DES_CBC`` +* ``RTE_CRYPTO_CIPHER_AES_CBC`` +* ``RTE_CRYPTO_CIPHER_AES_CTR`` +* ``RTE_CRYPTO_CIPHER_3DES_CTR`` +* ``RTE_CRYPTO_CIPHER_AES_GCM`` + +Supported authentication algorithms: +* ``RTE_CRYPTO_AUTH_AES_GMAC`` +* ``RTE_CRYPTO_AUTH_MD5`` +* ``RTE_CRYPTO_AUTH_SHA1`` +* ``RTE_CRYPTO_AUTH_SHA224`` +* ``RTE_CRYPTO_AUTH_SHA256`` +* ``RTE_CRYPTO_AUTH_SHA384`` +* ``RTE_CRYPTO_AUTH_SHA512`` +* ``RTE_CRYPTO_AUTH_MD5_HMAC`` +* ``RTE_CRYPTO_AUTH_SHA1_HMAC`` +* ``RTE_CRYPTO_AUTH_SHA224_HMAC`` +* ``RTE_CRYPTO_AUTH_SHA256_HMAC`` +* ``RTE_CRYPTO_AUTH_SHA384_HMAC`` +* ``RTE_CRYPTO_AUTH_SHA512_HMAC`` + + +Installation +------------ + +To compile openssl PMD, it has to be enabled in the config/common_base file +and appropriate openssl packages have to be installed in the build environment. + +The newest openssl library version is supported: +* 1.0.2h-fips 3 May 2016. +Older versions that were also verified: +* 1.0.1f 6 Jan 2014 +* 1.0.1 14 Mar 2012 + +For Ubuntu 14.04 LTS these packages have to be installed in the build system: +sudo apt-get install openssl +sudo apt-get install libc6-dev-i386 (for i686-native-linuxapp-gcc target) + +This code was also verified on Fedora 24. +This code was NOT yet verified on FreeBSD. + +Initialization +-------------- + +User can use app/test application to check how to use this pmd and to verify +crypto processing. + +Test name is cryptodev_openssl_autotest. +For performance test cryptodev_openssl_perftest can be used. + +To verify real traffic l2fwd-crypto example can be used with this command: + +.. code-block:: console + +sudo ./build/l2fwd-crypto -c 0x3 -n 4 --vdev "crypto_openssl" +--vdev "crypto_openssl"-- -p 0x3 --chain CIPHER_HASH +--cipher_op ENCRYPT --cipher_algo AES_CBC +--cipher_key 00:01:02:03:04:05:06:07:08:09:0a:0b:0c:0d:0e:0f +--iv 00:01:02:03:04:05:06:07:08:09:0a:0b:0c:0d:0e:ff +--auth_op GENERATE --auth_algo SHA1_HMAC +--auth_key 11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11 +:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11 +:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11 + +Limitations +----------- + +* Maximum number of sessions is 2048. +* Chained mbufs are not supported. +* Hash only is not supported for GCM and GMAC. +* Cipher only is not supported for GCM and GMAC. diff --git a/doc/guides/cryptodevs/qat.rst b/doc/guides/cryptodevs/qat.rst index cae19582..52a9ae35 100644 --- a/doc/guides/cryptodevs/qat.rst +++ b/doc/guides/cryptodevs/qat.rst @@ -27,11 +27,12 @@ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -Quick Assist Crypto Poll Mode Driver -==================================== +Intel(R) QuickAssist (QAT) Crypto Poll Mode Driver +================================================== The QAT PMD provides poll mode crypto driver support for **Intel QuickAssist -Technology DH895xxC** hardware accelerator. +Technology DH895xxC**, **Intel QuickAssist Technology C62x** and +**Intel QuickAssist Technology C3xxx** hardware accelerator. Features @@ -41,34 +42,43 @@ The QAT PMD has support for: Cipher algorithms: -* ``RTE_CRYPTO_SYM_CIPHER_AES128_CBC`` -* ``RTE_CRYPTO_SYM_CIPHER_AES192_CBC`` -* ``RTE_CRYPTO_SYM_CIPHER_AES256_CBC`` -* ``RTE_CRYPTO_SYM_CIPHER_AES128_CTR`` -* ``RTE_CRYPTO_SYM_CIPHER_AES192_CTR`` -* ``RTE_CRYPTO_SYM_CIPHER_AES256_CTR`` -* ``RTE_CRYPTO_SYM_CIPHER_SNOW3G_UEA2`` +* ``RTE_CRYPTO_CIPHER_3DES_CBC`` +* ``RTE_CRYPTO_CIPHER_3DES_CTR`` +* ``RTE_CRYPTO_CIPHER_AES128_CBC`` +* ``RTE_CRYPTO_CIPHER_AES192_CBC`` +* ``RTE_CRYPTO_CIPHER_AES256_CBC`` +* ``RTE_CRYPTO_CIPHER_AES128_CTR`` +* ``RTE_CRYPTO_CIPHER_AES192_CTR`` +* ``RTE_CRYPTO_CIPHER_AES256_CTR`` +* ``RTE_CRYPTO_CIPHER_SNOW3G_UEA2`` * ``RTE_CRYPTO_CIPHER_AES_GCM`` +* ``RTE_CRYPTO_CIPHER_NULL`` +* ``RTE_CRYPTO_CIPHER_KASUMI_F8`` Hash algorithms: * ``RTE_CRYPTO_AUTH_SHA1_HMAC`` +* ``RTE_CRYPTO_AUTH_SHA224_HMAC`` * ``RTE_CRYPTO_AUTH_SHA256_HMAC`` +* ``RTE_CRYPTO_AUTH_SHA384_HMAC`` * ``RTE_CRYPTO_AUTH_SHA512_HMAC`` * ``RTE_CRYPTO_AUTH_AES_XCBC_MAC`` * ``RTE_CRYPTO_AUTH_SNOW3G_UIA2`` +* ``RTE_CRYPTO_AUTH_MD5_HMAC`` +* ``RTE_CRYPTO_AUTH_NULL`` +* ``RTE_CRYPTO_AUTH_KASUMI_F9`` +* ``RTE_CRYPTO_AUTH_AES_GMAC`` Limitations ----------- * Chained mbufs are not supported. -* Hash only is not supported except Snow3G UIA2. -* Cipher only is not supported except Snow3G UEA2. +* Hash only is not supported except SNOW 3G UIA2 and KASUMI F9. +* Cipher only is not supported except SNOW 3G UEA2, KASUMI F8 and 3DES. * Only supports the session-oriented API implementation (session-less APIs are not supported). -* Not performance tuned. -* Snow3g(UEA2) supported only if cipher length, cipher offset fields are byte-aligned. -* Snow3g(UIA2) supported only if hash length, hash offset fields are byte-aligned. +* SNOW 3G (UEA2) and KASUMI (F8) supported only if cipher length, cipher offset fields are byte-aligned. +* SNOW 3G (UIA2) and KASUMI (F9) supported only if hash length, hash offset fields are byte-aligned. * No BSD support as BSD QAT kernel driver not available. @@ -78,14 +88,32 @@ Installation To use the DPDK QAT PMD an SRIOV-enabled QAT kernel driver is required. The VF devices exposed by this driver will be used by QAT PMD. +To enable QAT in DPDK, follow the instructions mentioned in +http://dpdk.org/doc/guides/linux_gsg/build_dpdk.html + +Quick instructions as follows: + +.. code-block:: console + + make config T=x86_64-native-linuxapp-gcc + sed -i 's,\(CONFIG_RTE_LIBRTE_PMD_QAT\)=n,\1=y,' build/.config + make + If you are running on kernel 4.4 or greater, see instructions for `Installation using kernel.org driver`_ below. If you are on a kernel earlier than 4.4, see `Installation using 01.org QAT driver`_. +For **Intel QuickAssist Technology C62x** and **Intel QuickAssist Technology C3xxx** +device, kernel 4.5 or greater is needed. +See instructions for `Installation using kernel.org driver`_ below. + Installation using 01.org QAT driver ------------------------------------ +NOTE: There is no driver available for **Intel QuickAssist Technology C62x** and +**Intel QuickAssist Technology C3xxx** devices on 01.org. + Download the latest QuickAssist Technology Driver from `01.org <https://01.org/packet-processing/intel%C2%AE-quickassist-technology-drivers-and-patches>`_ Consult the *Getting Started Guide* at the same URL for further information. @@ -162,6 +190,8 @@ If the build or install fails due to mismatching kernel sources you may need to Installation using kernel.org driver ------------------------------------ +For **Intel QuickAssist Technology DH895xxC**: + Assuming you are running on at least a 4.4 kernel, you can use the stock kernel.org QAT driver to start the QAT hardware. @@ -170,7 +200,9 @@ The steps below assume you are: * Running DPDK on a platform with one ``DH895xCC`` device. * On a kernel at least version 4.4. -In BIOS ensure that SRIOV is enabled and VT-d is disabled. +In BIOS ensure that SRIOV is enabled and either +a) disable VT-d or +b) enable VT-d and set ``"intel_iommu=on iommu=pt"`` in the grub file. Ensure the QAT driver is loaded on your system, by executing:: @@ -181,9 +213,9 @@ You should see the following output:: qat_dh895xcc 5626 0 intel_qat 82336 1 qat_dh895xcc -Next, you need to expose the VFs using the sysfs file system. +Next, you need to expose the Virtual Functions (VFs) using the sysfs file system. -First find the bdf of the DH895xCC device:: +First find the bdf of the physical function (PF) of the DH895xCC device:: lspci -d : 435 @@ -220,11 +252,99 @@ cd to your linux source root directory and start the qat kernel modules: **Note**:The following warning in /var/log/messages can be ignored: ``IOMMU should be enabled for SR-IOV to work correctly`` +For **Intel QuickAssist Technology C62x**: +Assuming you are running on at least a 4.5 kernel, you can use the stock kernel.org QAT +driver to start the QAT hardware. + +The steps below assume you are: + +* Running DPDK on a platform with one ``C62x`` device. +* On a kernel at least version 4.5. + +In BIOS ensure that SRIOV is enabled and either +a) disable VT-d or +b) enable VT-d and set ``"intel_iommu=on iommu=pt"`` in the grub file. + +Ensure the QAT driver is loaded on your system, by executing:: + + lsmod | grep qat + +You should see the following output:: + + qat_c62x 16384 0 + intel_qat 122880 1 qat_c62x + +Next, you need to expose the VFs using the sysfs file system. +First find the bdf of the C62x device:: + + lspci -d:37c8 + +You should see output similar to:: + + 1a:00.0 Co-processor: Intel Corporation Device 37c8 + 3d:00.0 Co-processor: Intel Corporation Device 37c8 + 3f:00.0 Co-processor: Intel Corporation Device 37c8 + +For each c62x device there are 3 PFs. +Using the sysfs, for each PF, enable the 16 VFs:: + + echo 16 > /sys/bus/pci/drivers/c6xx/0000\:1a\:00.0/sriov_numvfs + +If you get an error, it's likely you're using a QAT kernel driver earlier than kernel 4.5. + +To verify that the VFs are available for use - use ``lspci -d:37c9`` to confirm +the bdf of the 48 VF devices are available per ``C62x`` device. + +To complete the installation - follow instructions in `Binding the available VFs to the DPDK UIO driver`_. + +For **Intel QuickAssist Technology C3xxx**: +Assuming you are running on at least a 4.5 kernel, you can use the stock kernel.org QAT +driver to start the QAT hardware. + +The steps below assume you are: + +* Running DPDK on a platform with one ``C3xxx`` device. +* On a kernel at least version 4.5. + +In BIOS ensure that SRIOV is enabled and either +a) disable VT-d or +b) enable VT-d and set ``"intel_iommu=on iommu=pt"`` in the grub file. + +Ensure the QAT driver is loaded on your system, by executing:: + + lsmod | grep qat + +You should see the following output:: + + qat_c3xxx 16384 0 + intel_qat 122880 1 qat_c3xxx + +Next, you need to expose the Virtual Functions (VFs) using the sysfs file system. + +First find the bdf of the physical function (PF) of the C3xxx device + + lspci -d:19e2 + +You should see output similar to:: + + 01:00.0 Co-processor: Intel Corporation Device 19e2 + +For c3xxx device there is 1 PFs. +Using the sysfs, enable the 16 VFs:: + + echo 16 > /sys/bus/pci/drivers/c3xxx/0000\:01\:00.0/sriov_numvfs + +If you get an error, it's likely you're using a QAT kernel driver earlier than kernel 4.5. + +To verify that the VFs are available for use - use ``lspci -d:19e3`` to confirm +the bdf of the 16 VF devices are available per ``C3xxx`` device. +To complete the installation - follow instructions in `Binding the available VFs to the DPDK UIO driver`_. Binding the available VFs to the DPDK UIO driver ------------------------------------------------ +For **Intel(R) QuickAssist Technology DH895xcc** device: The unbind command below assumes ``bdfs`` of ``03:01.00-03:04.07``, if yours are different adjust the unbind command below:: cd $RTE_SDK @@ -241,3 +361,56 @@ The unbind command below assumes ``bdfs`` of ``03:01.00-03:04.07``, if yours are echo "8086 0443" > /sys/bus/pci/drivers/igb_uio/new_id You can use ``lspci -vvd:443`` to confirm that all devices are now in use by igb_uio kernel driver. + +For **Intel(R) QuickAssist Technology C62x** device: +The unbind command below assumes ``bdfs`` of ``1a:01.00-1a:02.07``, ``3d:01.00-3d:02.07`` and ``3f:01.00-3f:02.07``, +if yours are different adjust the unbind command below:: + + cd $RTE_SDK + modprobe uio + insmod ./build/kmod/igb_uio.ko + + for device in $(seq 1 2); do \ + for fn in $(seq 0 7); do \ + echo -n 0000:1a:0${device}.${fn} > \ + /sys/bus/pci/devices/0000\:1a\:0${device}.${fn}/driver/unbind; \ + + echo -n 0000:3d:0${device}.${fn} > \ + /sys/bus/pci/devices/0000\:3d\:0${device}.${fn}/driver/unbind; \ + + echo -n 0000:3f:0${device}.${fn} > \ + /sys/bus/pci/devices/0000\:3f\:0${device}.${fn}/driver/unbind; \ + done; \ + done + + echo "8086 37c9" > /sys/bus/pci/drivers/igb_uio/new_id + +You can use ``lspci -vvd:37c9`` to confirm that all devices are now in use by igb_uio kernel driver. + +For **Intel(R) QuickAssist Technology C3xxx** device: +The unbind command below assumes ``bdfs`` of ``01:01.00-01:02.07``, +if yours are different adjust the unbind command below:: + + cd $RTE_SDK + modprobe uio + insmod ./build/kmod/igb_uio.ko + + for device in $(seq 1 2); do \ + for fn in $(seq 0 7); do \ + echo -n 0000:01:0${device}.${fn} > \ + /sys/bus/pci/devices/0000\:01\:0${device}.${fn}/driver/unbind; \ + + done; \ + done + + echo "8086 19e3" > /sys/bus/pci/drivers/igb_uio/new_id + +You can use ``lspci -vvd:19e3`` to confirm that all devices are now in use by igb_uio kernel driver. + + +The other way to bind the VFs to the DPDK UIO driver is by using the ``dpdk-devbind.py`` script: + +.. code-block:: console + + cd $RTE_SDK + ./tools/dpdk-devbind.py -b igb_uio 0000:03:01.1 diff --git a/doc/guides/cryptodevs/snow3g.rst b/doc/guides/cryptodevs/snow3g.rst index 670a62a9..75a08aab 100644 --- a/doc/guides/cryptodevs/snow3g.rst +++ b/doc/guides/cryptodevs/snow3g.rst @@ -41,24 +41,24 @@ SNOW 3G PMD has support for: Cipher algorithm: -* RTE_CRYPTO_SYM_CIPHER_SNOW3G_UEA2 +* RTE_CRYPTO_CIPHER_SNOW3G_UEA2 Authentication algorithm: -* RTE_CRYPTO_SYM_AUTH_SNOW3G_UIA2 +* RTE_CRYPTO_AUTH_SNOW3G_UIA2 Limitations ----------- * Chained mbufs are not supported. -* Snow3g(UIA2) supported only if hash offset field is byte-aligned. -* In-place bit-level operations for Snow3g(UEA2) are not supported +* SNOW 3G (UIA2) supported only if hash offset field is byte-aligned. +* In-place bit-level operations for SNOW 3G (UEA2) are not supported (if length and/or offset of data to be ciphered is not byte-aligned). Installation ------------ -To build DPDK with the KASUMI_PMD the user is required to download +To build DPDK with the SNOW3G_PMD the user is required to download the export controlled ``libsso_snow3g`` library, by requesting it from `<https://networkbuilders.intel.com/network-technologies/dpdk>`_. Once approval has been granted, the user needs to log in @@ -83,9 +83,9 @@ In order to enable this virtual crypto PMD, user must: To use the PMD in an application, user must: -* Call rte_eal_vdev_init("cryptodev_snow3g_pmd") within the application. +* Call rte_eal_vdev_init("crypto_snow3g") within the application. -* Use --vdev="cryptodev_snow3g_pmd" in the EAL options, which will call rte_eal_vdev_init() internally. +* Use --vdev="crypto_snow3g" in the EAL options, which will call rte_eal_vdev_init() internally. The following parameters (all optional) can be provided in the previous two calls: @@ -100,4 +100,4 @@ Example: .. code-block:: console - ./l2fwd-crypto -c 40 -n 4 --vdev="cryptodev_snow3g_pmd,socket_id=1,max_nb_sessions=128" + ./l2fwd-crypto -c 40 -n 4 --vdev="crypto_snow3g,socket_id=1,max_nb_sessions=128" diff --git a/doc/guides/cryptodevs/zuc.rst b/doc/guides/cryptodevs/zuc.rst new file mode 100644 index 00000000..38d5068a --- /dev/null +++ b/doc/guides/cryptodevs/zuc.rst @@ -0,0 +1,111 @@ +.. BSD LICENSE + Copyright(c) 2016 Intel Corporation. All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in + the documentation and/or other materials provided with the + distribution. + * Neither the name of Intel Corporation nor the names of its + contributors may be used to endorse or promote products derived + from this software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +ZUC Crypto Poll Mode Driver +=========================== + +The ZUC PMD (**librte_pmd_zuc**) provides poll mode crypto driver +support for utilizing Intel Libsso library, which implements F8 and F9 functions +for ZUC EEA3 cipher and EIA3 hash algorithms. + +Features +-------- + +ZUC PMD has support for: + +Cipher algorithm: + +* RTE_CRYPTO_CIPHER_ZUC_EEA3 + +Authentication algorithm: + +* RTE_CRYPTO_AUTH_ZUC_EIA3 + +Limitations +----------- + +* Chained mbufs are not supported. +* ZUC (EIA3) supported only if hash offset field is byte-aligned. +* ZUC (EEA3) supported only if cipher length, cipher offset fields are byte-aligned. +* ZUC PMD cannot be built as a shared library, due to limitations in + in the underlying library. + + +Installation +------------ + +To build DPDK with the ZUC_PMD the user is required to download +the export controlled ``libsso_zuc`` library, by requesting it from +`<https://networkbuilders.intel.com/network-technologies/dpdk>`_. +Once approval has been granted, the user needs to log in +`<https://networkbuilders.intel.com/dpdklogin>`_ +and click on "ZUC Library" link, to download the library. +After downloading the library, the user needs to unpack and compile it +on their system before building DPDK:: + + make + +Initialization +-------------- + +In order to enable this virtual crypto PMD, user must: + +* Export the environmental variable LIBSSO_ZUC_PATH with the path where + the library was extracted (zuc folder). + +* Build the LIBSSO_ZUC library (explained in Installation section). + +* Build DPDK as follows: + +.. code-block:: console + + make config T=x86_64-native-linuxapp-gcc + sed -i 's,\(CONFIG_RTE_LIBRTE_PMD_ZUC\)=n,\1=y,' build/.config + make + +To use the PMD in an application, user must: + +* Call rte_eal_vdev_init("crypto_zuc") within the application. + +* Use --vdev="crypto_zuc" in the EAL options, which will call rte_eal_vdev_init() internally. + +The following parameters (all optional) can be provided in the previous two calls: + +* socket_id: Specify the socket where the memory for the device is going to be allocated + (by default, socket_id will be the socket where the core that is creating the PMD is running on). + +* max_nb_queue_pairs: Specify the maximum number of queue pairs in the device (8 by default). + +* max_nb_sessions: Specify the maximum number of sessions that can be created (2048 by default). + +Example: + +.. code-block:: console + + ./l2fwd-crypto -c 40 -n 4 --vdev="crypto_zuc,socket_id=1,max_nb_sessions=128" |