[dpdk-dev,1/2] crypto/aesni_mb: support IPSec Multi-buffer lib v0.46
Checks
Commit Message
IPSec Multi-buffer library v0.46 has been released,
which includes, among othe features, support for 12-byte IV,
for AES-CTR, keeping also the previous 16-byte IV,
for backward compatibility reasons.
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
doc/guides/cryptodevs/aesni_mb.rst | 18 +++++++++++++++++-
doc/guides/rel_notes/release_17_08.rst | 6 ++++++
drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 4 ++--
3 files changed, 25 insertions(+), 3 deletions(-)
Comments
On 28/06/2017 12:48, Pablo de Lara wrote:
> IPSec Multi-buffer library v0.46 has been released,
> which includes, among othe features, support for 12-byte IV,
> for AES-CTR, keeping also the previous 16-byte IV,
> for backward compatibility reasons.
>
> Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
> ---
> doc/guides/cryptodevs/aesni_mb.rst | 18 +++++++++++++++++-
> doc/guides/rel_notes/release_17_08.rst | 6 ++++++
> drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 4 ++--
> 3 files changed, 25 insertions(+), 3 deletions(-)
>
> diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst
> index ecb52a1..fafcd9f 100644
> --- a/doc/guides/cryptodevs/aesni_mb.rst
> +++ b/doc/guides/cryptodevs/aesni_mb.rst
> @@ -69,6 +69,9 @@ Limitations
> * Chained mbufs are not supported.
> * Only in-place is currently supported (destination address is the same as source address).
> * Only supports session-oriented API implementation (session-less APIs are not supported).
> +* If IV is passed with 16 bytes, last 4 bytes will be ignored, as underlying library only
> + requires 12 bytes and will append 4 bytes (counter) at the end.
> + The library always set these 4 bytes to 1, as IPSec requires counter to be set to 1.
I don't think the text above is correct.
Thanks,
Sergio
>
> Installation
> ------------
> @@ -95,7 +98,7 @@ and the Multi-Buffer library version supported by them:
> ============= ============================
> 2.2 - 16.11 0.43 - 0.44
> 17.02 0.44
> - 17.05 0.45
> + 17.05 - 17.08 0.45 - 0.46
> ============= ============================
>
>
> @@ -131,3 +134,16 @@ Example:
> .. code-block:: console
>
> ./l2fwd-crypto -l 6 -n 4 --vdev="crypto_aesni_mb,socket_id=1,max_nb_sessions=128"
> +
> +Extra notes
> +-----------
> +
> +For AES Counter mode (AES-CTR), the library supports two different sizes for Initialization
> +Vector (IV):
> +
> +* 12 bytes: used mainly for IPSec, as it requires 12 bytes from the user, which internally
> + are appended the counter block (4 bytes), which is set to 1 for the first block
> + (no padding required from the user)
> +
> +* 16 bytes: when passing 16 bytes, the library will take them and use the last 4 bytes
> + as the initial counter block for the first block.
> diff --git a/doc/guides/rel_notes/release_17_08.rst b/doc/guides/rel_notes/release_17_08.rst
> index 842f46f..3d9500a 100644
> --- a/doc/guides/rel_notes/release_17_08.rst
> +++ b/doc/guides/rel_notes/release_17_08.rst
> @@ -75,6 +75,12 @@ New Features
>
> Added support for firmwares with multiple Ethernet ports per physical port.
>
> +* **Updated the AESNI MB PMD.**
> +
> + The AESNI MB PMD has been updated with additional support for:
> +
> + * 12-byte IV on AES Counter Mode, apart from the previous 16-byte IV.
> +
>
> Resolved Issues
> ---------------
> diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
> index d1bc28e..82630be 100644
> --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
> +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
> @@ -220,9 +220,9 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
> .increment = 8
> },
> .iv_size = {
> - .min = 16,
> + .min = 12,
> .max = 16,
> - .increment = 0
> + .increment = 4
> }
> }, }
> }, }
> -----Original Message-----
> From: Gonzalez Monroy, Sergio
> Sent: Friday, June 30, 2017 2:52 PM
> To: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>; Doherty,
> Declan <declan.doherty@intel.com>
> Cc: dev@dpdk.org
> Subject: Re: [dpdk-dev] [PATCH 1/2] crypto/aesni_mb: support IPSec Multi-
> buffer lib v0.46
>
> On 28/06/2017 12:48, Pablo de Lara wrote:
> > IPSec Multi-buffer library v0.46 has been released, which includes,
> > among othe features, support for 12-byte IV, for AES-CTR, keeping also
> > the previous 16-byte IV, for backward compatibility reasons.
> >
> > Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
> > ---
> > doc/guides/cryptodevs/aesni_mb.rst | 18 +++++++++++++++++-
> > doc/guides/rel_notes/release_17_08.rst | 6 ++++++
> > drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 4 ++--
> > 3 files changed, 25 insertions(+), 3 deletions(-)
> >
> > diff --git a/doc/guides/cryptodevs/aesni_mb.rst
> > b/doc/guides/cryptodevs/aesni_mb.rst
> > index ecb52a1..fafcd9f 100644
> > --- a/doc/guides/cryptodevs/aesni_mb.rst
> > +++ b/doc/guides/cryptodevs/aesni_mb.rst
> > @@ -69,6 +69,9 @@ Limitations
> > * Chained mbufs are not supported.
> > * Only in-place is currently supported (destination address is the same
> as source address).
> > * Only supports session-oriented API implementation (session-less APIs
> are not supported).
> > +* If IV is passed with 16 bytes, last 4 bytes will be ignored, as
> > +underlying library only
> > + requires 12 bytes and will append 4 bytes (counter) at the end.
> > + The library always set these 4 bytes to 1, as IPSec requires counter to
> be set to 1.
>
> I don't think the text above is correct.
Forgot to remove that, well spotted!
Will send a v2 shortly.
Thanks,
Pablo
@@ -69,6 +69,9 @@ Limitations
* Chained mbufs are not supported.
* Only in-place is currently supported (destination address is the same as source address).
* Only supports session-oriented API implementation (session-less APIs are not supported).
+* If IV is passed with 16 bytes, last 4 bytes will be ignored, as underlying library only
+ requires 12 bytes and will append 4 bytes (counter) at the end.
+ The library always set these 4 bytes to 1, as IPSec requires counter to be set to 1.
Installation
------------
@@ -95,7 +98,7 @@ and the Multi-Buffer library version supported by them:
============= ============================
2.2 - 16.11 0.43 - 0.44
17.02 0.44
- 17.05 0.45
+ 17.05 - 17.08 0.45 - 0.46
============= ============================
@@ -131,3 +134,16 @@ Example:
.. code-block:: console
./l2fwd-crypto -l 6 -n 4 --vdev="crypto_aesni_mb,socket_id=1,max_nb_sessions=128"
+
+Extra notes
+-----------
+
+For AES Counter mode (AES-CTR), the library supports two different sizes for Initialization
+Vector (IV):
+
+* 12 bytes: used mainly for IPSec, as it requires 12 bytes from the user, which internally
+ are appended the counter block (4 bytes), which is set to 1 for the first block
+ (no padding required from the user)
+
+* 16 bytes: when passing 16 bytes, the library will take them and use the last 4 bytes
+ as the initial counter block for the first block.
@@ -75,6 +75,12 @@ New Features
Added support for firmwares with multiple Ethernet ports per physical port.
+* **Updated the AESNI MB PMD.**
+
+ The AESNI MB PMD has been updated with additional support for:
+
+ * 12-byte IV on AES Counter Mode, apart from the previous 16-byte IV.
+
Resolved Issues
---------------
@@ -220,9 +220,9 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
.increment = 8
},
.iv_size = {
- .min = 16,
+ .min = 12,
.max = 16,
- .increment = 0
+ .increment = 4
}
}, }
}, }