IPSec Multi-buffer library v0.46 has been released,
which includes, among othe features, support for 12-byte IV,
for AES-CTR, keeping also the previous 16-byte IV,
for backward compatibility reasons.
Signed-off-by: Pablo de Lara <pablo.de.lara.gua...@intel.com>
---
doc/guides/cryptodevs/aesni_mb.rst | 18 +++++++++++++++++-
doc/guides/rel_notes/release_17_08.rst | 6 ++++++
drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 4 ++--
3 files changed, 25 insertions(+), 3 deletions(-)
diff --git a/doc/guides/cryptodevs/aesni_mb.rst
b/doc/guides/cryptodevs/aesni_mb.rst
index ecb52a1..fafcd9f 100644
--- a/doc/guides/cryptodevs/aesni_mb.rst
+++ b/doc/guides/cryptodevs/aesni_mb.rst
@@ -69,6 +69,9 @@ Limitations
* Chained mbufs are not supported.
* Only in-place is currently supported (destination address is the same as
source address).
* Only supports session-oriented API implementation (session-less APIs are not
supported).
+* If IV is passed with 16 bytes, last 4 bytes will be ignored, as underlying
library only
+ requires 12 bytes and will append 4 bytes (counter) at the end.
+ The library always set these 4 bytes to 1, as IPSec requires counter to be
set to 1.
Installation
------------
@@ -95,7 +98,7 @@ and the Multi-Buffer library version supported by them:
============= ============================
2.2 - 16.11 0.43 - 0.44
17.02 0.44
- 17.05 0.45
+ 17.05 - 17.08 0.45 - 0.46
============= ============================
@@ -131,3 +134,16 @@ Example:
.. code-block:: console
./l2fwd-crypto -l 6 -n 4
--vdev="crypto_aesni_mb,socket_id=1,max_nb_sessions=128"
+
+Extra notes
+-----------
+
+For AES Counter mode (AES-CTR), the library supports two different sizes for
Initialization
+Vector (IV):
+
+* 12 bytes: used mainly for IPSec, as it requires 12 bytes from the user,
which internally
+ are appended the counter block (4 bytes), which is set to 1 for the first
block
+ (no padding required from the user)
+
+* 16 bytes: when passing 16 bytes, the library will take them and use the last
4 bytes
+ as the initial counter block for the first block.
diff --git a/doc/guides/rel_notes/release_17_08.rst
b/doc/guides/rel_notes/release_17_08.rst
index 842f46f..3d9500a 100644
--- a/doc/guides/rel_notes/release_17_08.rst
+++ b/doc/guides/rel_notes/release_17_08.rst
@@ -75,6 +75,12 @@ New Features
Added support for firmwares with multiple Ethernet ports per physical port.
+* **Updated the AESNI MB PMD.**
+
+ The AESNI MB PMD has been updated with additional support for:
+
+ * 12-byte IV on AES Counter Mode, apart from the previous 16-byte IV.
+
Resolved Issues
---------------
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
index d1bc28e..82630be 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
@@ -220,9 +220,9 @@ static const struct rte_cryptodev_capabilities
aesni_mb_pmd_capabilities[] = {
.increment = 8
},
.iv_size = {
- .min = 16,
+ .min = 12,
.max = 16,
- .increment = 0
+ .increment = 4
}
}, }
}, }
--
2.9.4
