[dpdk-dev,1/2] crypto/aesni_mb: support IPSec Multi-buffer lib v0.46

  IPSec Multi-buffer library v0.46 has been released,
which includes, among othe features, support for 12-byte IV,
for AES-CTR, keeping also the previous 16-byte IV,
for backward compatibility reasons.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 doc/guides/cryptodevs/aesni_mb.rst             | 18 +++++++++++++++++-
 doc/guides/rel_notes/release_17_08.rst         |  6 ++++++
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c |  4 ++--
 3 files changed, 25 insertions(+), 3 deletions(-)
  

On 28/06/2017 12:48, Pablo de Lara wrote:
> IPSec Multi-buffer library v0.46 has been released,
> which includes, among othe features, support for 12-byte IV,
> for AES-CTR, keeping also the previous 16-byte IV,
> for backward compatibility reasons.
>
> Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
> ---
>   doc/guides/cryptodevs/aesni_mb.rst             | 18 +++++++++++++++++-
>   doc/guides/rel_notes/release_17_08.rst         |  6 ++++++
>   drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c |  4 ++--
>   3 files changed, 25 insertions(+), 3 deletions(-)
>
> diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst
> index ecb52a1..fafcd9f 100644
> --- a/doc/guides/cryptodevs/aesni_mb.rst
> +++ b/doc/guides/cryptodevs/aesni_mb.rst
> @@ -69,6 +69,9 @@ Limitations
>   * Chained mbufs are not supported.
>   * Only in-place is currently supported (destination address is the same as source address).
>   * Only supports session-oriented API implementation (session-less APIs are not supported).
> +* If IV is passed with 16 bytes, last 4 bytes will be ignored, as underlying library only
> +  requires 12 bytes and will append 4 bytes (counter) at the end.
> +  The library always set these 4 bytes to 1, as IPSec requires counter to be set to 1.

I don't think the text above is correct.

Thanks,
Sergio

>   
>   Installation
>   ------------
> @@ -95,7 +98,7 @@ and the Multi-Buffer library version supported by them:
>      =============  ============================
>      2.2 - 16.11    0.43 - 0.44
>      17.02          0.44
> -   17.05          0.45
> +   17.05 - 17.08  0.45 - 0.46
>      =============  ============================
>   
>   
> @@ -131,3 +134,16 @@ Example:
>   .. code-block:: console
>   
>       ./l2fwd-crypto -l 6 -n 4 --vdev="crypto_aesni_mb,socket_id=1,max_nb_sessions=128"
> +
> +Extra notes
> +-----------
> +
> +For AES Counter mode (AES-CTR), the library supports two different sizes for Initialization
> +Vector (IV):
> +
> +* 12 bytes: used mainly for IPSec, as it requires 12 bytes from the user, which internally
> +  are appended the counter block (4 bytes), which is set to 1 for the first block
> +  (no padding required from the user)
> +
> +* 16 bytes: when passing 16 bytes, the library will take them and use the last 4 bytes
> +  as the initial counter block for the first block.
> diff --git a/doc/guides/rel_notes/release_17_08.rst b/doc/guides/rel_notes/release_17_08.rst
> index 842f46f..3d9500a 100644
> --- a/doc/guides/rel_notes/release_17_08.rst
> +++ b/doc/guides/rel_notes/release_17_08.rst
> @@ -75,6 +75,12 @@ New Features
>   
>     Added support for firmwares with multiple Ethernet ports per physical port.
>   
> +* **Updated the AESNI MB PMD.**
> +
> +  The AESNI MB PMD has been updated with additional support for:
> +
> +  * 12-byte IV on AES Counter Mode, apart from the previous 16-byte IV.
> +
>   
>   Resolved Issues
>   ---------------
> diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
> index d1bc28e..82630be 100644
> --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
> +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
> @@ -220,9 +220,9 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
>   					.increment = 8
>   				},
>   				.iv_size = {
> -					.min = 16,
> +					.min = 12,
>   					.max = 16,
> -					.increment = 0
> +					.increment = 4
>   				}
>   			}, }
>   		}, }
  

> -----Original Message-----
> From: Gonzalez Monroy, Sergio
> Sent: Friday, June 30, 2017 2:52 PM
> To: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>; Doherty,
> Declan <declan.doherty@intel.com>
> Cc: dev@dpdk.org
> Subject: Re: [dpdk-dev] [PATCH 1/2] crypto/aesni_mb: support IPSec Multi-
> buffer lib v0.46
> 
> On 28/06/2017 12:48, Pablo de Lara wrote:
> > IPSec Multi-buffer library v0.46 has been released, which includes,
> > among othe features, support for 12-byte IV, for AES-CTR, keeping also
> > the previous 16-byte IV, for backward compatibility reasons.
> >
> > Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
> > ---
> >   doc/guides/cryptodevs/aesni_mb.rst             | 18 +++++++++++++++++-
> >   doc/guides/rel_notes/release_17_08.rst         |  6 ++++++
> >   drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c |  4 ++--
> >   3 files changed, 25 insertions(+), 3 deletions(-)
> >
> > diff --git a/doc/guides/cryptodevs/aesni_mb.rst
> > b/doc/guides/cryptodevs/aesni_mb.rst
> > index ecb52a1..fafcd9f 100644
> > --- a/doc/guides/cryptodevs/aesni_mb.rst
> > +++ b/doc/guides/cryptodevs/aesni_mb.rst
> > @@ -69,6 +69,9 @@ Limitations
> >   * Chained mbufs are not supported.
> >   * Only in-place is currently supported (destination address is the same
> as source address).
> >   * Only supports session-oriented API implementation (session-less APIs
> are not supported).
> > +* If IV is passed with 16 bytes, last 4 bytes will be ignored, as
> > +underlying library only
> > +  requires 12 bytes and will append 4 bytes (counter) at the end.
> > +  The library always set these 4 bytes to 1, as IPSec requires counter to
> be set to 1.
> 
> I don't think the text above is correct.

Forgot to remove that, well spotted!
Will send a v2 shortly.

Thanks,
Pablo