summaryrefslogtreecommitdiffstats
path: root/src/spdk/dpdk/doc/guides/cryptodevs/octeontx.rst
blob: 4fa199e3c46f73a79959d9e56c6aeb99d7139b23 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
.. SPDX-License-Identifier: BSD-3-Clause
   Copyright(c) 2018 Cavium, Inc

Cavium OCTEON TX Crypto Poll Mode Driver
========================================

The OCTEON TX crypto poll mode driver provides support for offloading
cryptographic operations to cryptographic accelerator units on
**OCTEON TX** :sup:`®` family of processors (CN8XXX). The OCTEON TX crypto
poll mode driver enqueues the crypto request to this accelerator and dequeues
the response once the operation is completed.

Supported Symmetric Crypto Algorithms
-------------------------------------

Cipher Algorithms
~~~~~~~~~~~~~~~~~

* ``RTE_CRYPTO_CIPHER_NULL``
* ``RTE_CRYPTO_CIPHER_3DES_CBC``
* ``RTE_CRYPTO_CIPHER_3DES_ECB``
* ``RTE_CRYPTO_CIPHER_AES_CBC``
* ``RTE_CRYPTO_CIPHER_AES_CTR``
* ``RTE_CRYPTO_CIPHER_AES_XTS``
* ``RTE_CRYPTO_CIPHER_DES_CBC``
* ``RTE_CRYPTO_CIPHER_KASUMI_F8``
* ``RTE_CRYPTO_CIPHER_SNOW3G_UEA2``
* ``RTE_CRYPTO_CIPHER_ZUC_EEA3``

Hash Algorithms
~~~~~~~~~~~~~~~

* ``RTE_CRYPTO_AUTH_NULL``
* ``RTE_CRYPTO_AUTH_AES_GMAC``
* ``RTE_CRYPTO_AUTH_KASUMI_F9``
* ``RTE_CRYPTO_AUTH_MD5``
* ``RTE_CRYPTO_AUTH_MD5_HMAC``
* ``RTE_CRYPTO_AUTH_SHA1``
* ``RTE_CRYPTO_AUTH_SHA1_HMAC``
* ``RTE_CRYPTO_AUTH_SHA224``
* ``RTE_CRYPTO_AUTH_SHA224_HMAC``
* ``RTE_CRYPTO_AUTH_SHA256``
* ``RTE_CRYPTO_AUTH_SHA256_HMAC``
* ``RTE_CRYPTO_AUTH_SHA384``
* ``RTE_CRYPTO_AUTH_SHA384_HMAC``
* ``RTE_CRYPTO_AUTH_SHA512``
* ``RTE_CRYPTO_AUTH_SHA512_HMAC``
* ``RTE_CRYPTO_AUTH_SNOW3G_UIA2``
* ``RTE_CRYPTO_AUTH_ZUC_EIA3``

AEAD Algorithms
~~~~~~~~~~~~~~~

* ``RTE_CRYPTO_AEAD_AES_GCM``

Supported Asymmetric Crypto Algorithms
--------------------------------------

* ``RTE_CRYPTO_ASYM_XFORM_RSA``
* ``RTE_CRYPTO_ASYM_XFORM_MODEX``

Config flags
------------

For compiling the OCTEON TX crypto poll mode driver, please check if the
CONFIG_RTE_LIBRTE_PMD_OCTEONTX_CRYPTO setting is set to `y` in
config/common_base file.

* ``CONFIG_RTE_LIBRTE_PMD_OCTEONTX_CRYPTO=y``

Compilation
-----------

The OCTEON TX crypto poll mode driver can be compiled either natively on
**OCTEON TX** :sup:`®` board or cross-compiled on an x86 based platform.

Refer :doc:`../platform/octeontx` for details about setting up the platform
and building DPDK applications.

.. note::

   OCTEON TX crypto PF driver needs microcode to be available at `/lib/firmware/` directory.
   Refer SDK documents for further information.

SDK and related information can be obtained from: `Cavium support site <https://support.cavium.com/>`_.

Execution
---------

The number of crypto VFs to be enabled can be controlled by setting sysfs entry,
`sriov_numvfs`, for the corresponding PF driver.

.. code-block:: console

        echo <num_vfs> > /sys/bus/pci/devices/<dev_bus_id>/sriov_numvfs

The device bus ID, `dev_bus_id`, to be used in the above step can be found out
by using dpdk-devbind.py script. The OCTEON TX crypto PF device need to be
identified and the corresponding device number can be used to tune various PF
properties.


Once the required VFs are enabled, dpdk-devbind.py script can be used to
identify the VFs. To be accessible from DPDK, VFs need to be bound to vfio-pci
driver:

.. code-block:: console

        cd <dpdk directory>
        ./usertools/dpdk-devbind.py -u <vf device no>
        ./usertools/dpdk-devbind.py -b vfio-pci <vf device no>

Appropriate huge page need to be setup in order to run the DPDK example
applications.

.. code-block:: console

        echo 8 > /sys/kernel/mm/hugepages/hugepages-524288kB/nr_hugepages
        mkdir /mnt/huge
        mount -t hugetlbfs nodev /mnt/huge

Example applications can now be executed with crypto operations offloaded to
OCTEON TX crypto PMD.

.. code-block:: console

        ./build/ipsec-secgw --log-level=8 -c 0xff -- -P -p 0x3 -u 0x2 --config
        "(1,0,0),(0,0,0)" -f ep1.cfg

Testing
-------

The symmetric crypto operations on OCTEON TX crypto PMD may be verified by running the test
application:

.. code-block:: console

        ./test
        RTE>>cryptodev_octeontx_autotest

The asymmetric crypto operations on OCTEON TX crypto PMD may be verified by running the test
application:

.. code-block:: console

        ./test
        RTE>>cryptodev_octeontx_asym_autotest