From: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
To: Pablo de Lara <pablo.de.lara.guarch@intel.com>, declan.doherty@intel.com
Cc: dev@dpdk.org
Subject: Re: [dpdk-dev] [PATCH 1/2] crypto/aesni_mb: support IPSec Multi-buffer lib v0.46
Date: Fri, 30 Jun 2017 14:52:28 +0100 [thread overview]
Message-ID: <43129740-703a-3577-f2db-8b969b3bc4dd@intel.com> (raw)
In-Reply-To: <20170628114817.85202-2-pablo.de.lara.guarch@intel.com>
On 28/06/2017 12:48, Pablo de Lara wrote:
> IPSec Multi-buffer library v0.46 has been released,
> which includes, among othe features, support for 12-byte IV,
> for AES-CTR, keeping also the previous 16-byte IV,
> for backward compatibility reasons.
>
> Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
> ---
> doc/guides/cryptodevs/aesni_mb.rst | 18 +++++++++++++++++-
> doc/guides/rel_notes/release_17_08.rst | 6 ++++++
> drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 4 ++--
> 3 files changed, 25 insertions(+), 3 deletions(-)
>
> diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst
> index ecb52a1..fafcd9f 100644
> --- a/doc/guides/cryptodevs/aesni_mb.rst
> +++ b/doc/guides/cryptodevs/aesni_mb.rst
> @@ -69,6 +69,9 @@ Limitations
> * Chained mbufs are not supported.
> * Only in-place is currently supported (destination address is the same as source address).
> * Only supports session-oriented API implementation (session-less APIs are not supported).
> +* If IV is passed with 16 bytes, last 4 bytes will be ignored, as underlying library only
> + requires 12 bytes and will append 4 bytes (counter) at the end.
> + The library always set these 4 bytes to 1, as IPSec requires counter to be set to 1.
I don't think the text above is correct.
Thanks,
Sergio
>
> Installation
> ------------
> @@ -95,7 +98,7 @@ and the Multi-Buffer library version supported by them:
> ============= ============================
> 2.2 - 16.11 0.43 - 0.44
> 17.02 0.44
> - 17.05 0.45
> + 17.05 - 17.08 0.45 - 0.46
> ============= ============================
>
>
> @@ -131,3 +134,16 @@ Example:
> .. code-block:: console
>
> ./l2fwd-crypto -l 6 -n 4 --vdev="crypto_aesni_mb,socket_id=1,max_nb_sessions=128"
> +
> +Extra notes
> +-----------
> +
> +For AES Counter mode (AES-CTR), the library supports two different sizes for Initialization
> +Vector (IV):
> +
> +* 12 bytes: used mainly for IPSec, as it requires 12 bytes from the user, which internally
> + are appended the counter block (4 bytes), which is set to 1 for the first block
> + (no padding required from the user)
> +
> +* 16 bytes: when passing 16 bytes, the library will take them and use the last 4 bytes
> + as the initial counter block for the first block.
> diff --git a/doc/guides/rel_notes/release_17_08.rst b/doc/guides/rel_notes/release_17_08.rst
> index 842f46f..3d9500a 100644
> --- a/doc/guides/rel_notes/release_17_08.rst
> +++ b/doc/guides/rel_notes/release_17_08.rst
> @@ -75,6 +75,12 @@ New Features
>
> Added support for firmwares with multiple Ethernet ports per physical port.
>
> +* **Updated the AESNI MB PMD.**
> +
> + The AESNI MB PMD has been updated with additional support for:
> +
> + * 12-byte IV on AES Counter Mode, apart from the previous 16-byte IV.
> +
>
> Resolved Issues
> ---------------
> diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
> index d1bc28e..82630be 100644
> --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
> +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
> @@ -220,9 +220,9 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
> .increment = 8
> },
> .iv_size = {
> - .min = 16,
> + .min = 12,
> .max = 16,
> - .increment = 0
> + .increment = 4
> }
> }, }
> }, }
next prev parent reply other threads:[~2017-06-30 13:52 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-06-28 11:48 [dpdk-dev] [PATCH 0/2] AES-NI MB PMD: support Multi-buffer library 0.46 Pablo de Lara
2017-06-28 11:48 ` [dpdk-dev] [PATCH 1/2] crypto/aesni_mb: support IPSec Multi-buffer lib v0.46 Pablo de Lara
2017-06-30 13:52 ` Sergio Gonzalez Monroy [this message]
2017-07-02 10:46 ` De Lara Guarch, Pablo
2017-06-28 11:48 ` [dpdk-dev] [PATCH 2/2] test/crypto: add 12-byte IV AES-CTR test cases Pablo de Lara
2017-07-02 2:55 ` [dpdk-dev] [PATCH v2 0/2] AES-NI MB PMD: support Multi-buffer library 0.46 Pablo de Lara
2017-07-02 2:55 ` [dpdk-dev] [PATCH v2 1/2] crypto/aesni_mb: support IPSec Multi-buffer lib v0.46 Pablo de Lara
2017-07-03 16:03 ` Declan Doherty
2017-07-02 2:55 ` [dpdk-dev] [PATCH v2 2/2] test/crypto: add 12-byte IV AES-CTR test cases Pablo de Lara
2017-07-03 16:03 ` Declan Doherty
2017-07-03 20:22 ` [dpdk-dev] [PATCH v2 0/2] AES-NI MB PMD: support Multi-buffer library 0.46 De Lara Guarch, Pablo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=43129740-703a-3577-f2db-8b969b3bc4dd@intel.com \
--to=sergio.gonzalez.monroy@intel.com \
--cc=declan.doherty@intel.com \
--cc=dev@dpdk.org \
--cc=pablo.de.lara.guarch@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).