From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <sergio.gonzalez.monroy@intel.com>
Received: from mga09.intel.com (mga09.intel.com [134.134.136.24])
 by dpdk.org (Postfix) with ESMTP id 449795323
 for <dev@dpdk.org>; Fri, 30 Jun 2017 15:52:31 +0200 (CEST)
Received: from orsmga002.jf.intel.com ([10.7.209.21])
 by orsmga102.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 30 Jun 2017 06:52:29 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.40,286,1496127600"; d="scan'208";a="105659016"
Received: from smonroyx-mobl.ger.corp.intel.com (HELO [10.237.221.32])
 ([10.237.221.32])
 by orsmga002.jf.intel.com with ESMTP; 30 Jun 2017 06:52:29 -0700
To: Pablo de Lara <pablo.de.lara.guarch@intel.com>, declan.doherty@intel.com
References: <20170628114817.85202-1-pablo.de.lara.guarch@intel.com>
 <20170628114817.85202-2-pablo.de.lara.guarch@intel.com>
Cc: dev@dpdk.org
From: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Message-ID: <43129740-703a-3577-f2db-8b969b3bc4dd@intel.com>
Date: Fri, 30 Jun 2017 14:52:28 +0100
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:45.0) Gecko/20100101
 Thunderbird/45.1.1
MIME-Version: 1.0
In-Reply-To: <20170628114817.85202-2-pablo.de.lara.guarch@intel.com>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [dpdk-dev] [PATCH 1/2] crypto/aesni_mb: support IPSec
 Multi-buffer lib v0.46
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <http://dpdk.org/ml/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://dpdk.org/ml/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <http://dpdk.org/ml/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Jun 2017 13:52:31 -0000

On 28/06/2017 12:48, Pablo de Lara wrote:
> IPSec Multi-buffer library v0.46 has been released,
> which includes, among othe features, support for 12-byte IV,
> for AES-CTR, keeping also the previous 16-byte IV,
> for backward compatibility reasons.
>
> Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
> ---
>   doc/guides/cryptodevs/aesni_mb.rst             | 18 +++++++++++++++++-
>   doc/guides/rel_notes/release_17_08.rst         |  6 ++++++
>   drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c |  4 ++--
>   3 files changed, 25 insertions(+), 3 deletions(-)
>
> diff --git a/doc/guides/cryptodevs/aesni_mb.rst b/doc/guides/cryptodevs/aesni_mb.rst
> index ecb52a1..fafcd9f 100644
> --- a/doc/guides/cryptodevs/aesni_mb.rst
> +++ b/doc/guides/cryptodevs/aesni_mb.rst
> @@ -69,6 +69,9 @@ Limitations
>   * Chained mbufs are not supported.
>   * Only in-place is currently supported (destination address is the same as source address).
>   * Only supports session-oriented API implementation (session-less APIs are not supported).
> +* If IV is passed with 16 bytes, last 4 bytes will be ignored, as underlying library only
> +  requires 12 bytes and will append 4 bytes (counter) at the end.
> +  The library always set these 4 bytes to 1, as IPSec requires counter to be set to 1.

I don't think the text above is correct.

Thanks,
Sergio

>   
>   Installation
>   ------------
> @@ -95,7 +98,7 @@ and the Multi-Buffer library version supported by them:
>      =============  ============================
>      2.2 - 16.11    0.43 - 0.44
>      17.02          0.44
> -   17.05          0.45
> +   17.05 - 17.08  0.45 - 0.46
>      =============  ============================
>   
>   
> @@ -131,3 +134,16 @@ Example:
>   .. code-block:: console
>   
>       ./l2fwd-crypto -l 6 -n 4 --vdev="crypto_aesni_mb,socket_id=1,max_nb_sessions=128"
> +
> +Extra notes
> +-----------
> +
> +For AES Counter mode (AES-CTR), the library supports two different sizes for Initialization
> +Vector (IV):
> +
> +* 12 bytes: used mainly for IPSec, as it requires 12 bytes from the user, which internally
> +  are appended the counter block (4 bytes), which is set to 1 for the first block
> +  (no padding required from the user)
> +
> +* 16 bytes: when passing 16 bytes, the library will take them and use the last 4 bytes
> +  as the initial counter block for the first block.
> diff --git a/doc/guides/rel_notes/release_17_08.rst b/doc/guides/rel_notes/release_17_08.rst
> index 842f46f..3d9500a 100644
> --- a/doc/guides/rel_notes/release_17_08.rst
> +++ b/doc/guides/rel_notes/release_17_08.rst
> @@ -75,6 +75,12 @@ New Features
>   
>     Added support for firmwares with multiple Ethernet ports per physical port.
>   
> +* **Updated the AESNI MB PMD.**
> +
> +  The AESNI MB PMD has been updated with additional support for:
> +
> +  * 12-byte IV on AES Counter Mode, apart from the previous 16-byte IV.
> +
>   
>   Resolved Issues
>   ---------------
> diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
> index d1bc28e..82630be 100644
> --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
> +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
> @@ -220,9 +220,9 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
>   					.increment = 8
>   				},
>   				.iv_size = {
> -					.min = 16,
> +					.min = 12,
>   					.max = 16,
> -					.increment = 0
> +					.increment = 4
>   				}
>   			}, }
>   		}, }