10. Cavium OCTEON TX Crypto Poll Mode Driver
The OCTEON TX crypto poll mode driver provides support for offloading cryptographic operations to cryptographic accelerator units on OCTEON TX ® family of processors (CN8XXX). The OCTEON TX crypto poll mode driver enqueues the crypto request to this accelerator and dequeues the response once the operation is completed.
10.1. Supported Symmetric Crypto Algorithms
10.1.1. Cipher Algorithms
RTE_CRYPTO_CIPHER_NULL
RTE_CRYPTO_CIPHER_3DES_CBC
RTE_CRYPTO_CIPHER_3DES_ECB
RTE_CRYPTO_CIPHER_AES_CBC
RTE_CRYPTO_CIPHER_AES_CTR
RTE_CRYPTO_CIPHER_AES_XTS
RTE_CRYPTO_CIPHER_DES_CBC
RTE_CRYPTO_CIPHER_KASUMI_F8
RTE_CRYPTO_CIPHER_SNOW3G_UEA2
RTE_CRYPTO_CIPHER_ZUC_EEA3
10.1.2. Hash Algorithms
RTE_CRYPTO_AUTH_NULL
RTE_CRYPTO_AUTH_AES_GMAC
RTE_CRYPTO_AUTH_KASUMI_F9
RTE_CRYPTO_AUTH_MD5
RTE_CRYPTO_AUTH_MD5_HMAC
RTE_CRYPTO_AUTH_SHA1
RTE_CRYPTO_AUTH_SHA1_HMAC
RTE_CRYPTO_AUTH_SHA224
RTE_CRYPTO_AUTH_SHA224_HMAC
RTE_CRYPTO_AUTH_SHA256
RTE_CRYPTO_AUTH_SHA256_HMAC
RTE_CRYPTO_AUTH_SHA384
RTE_CRYPTO_AUTH_SHA384_HMAC
RTE_CRYPTO_AUTH_SHA512
RTE_CRYPTO_AUTH_SHA512_HMAC
RTE_CRYPTO_AUTH_SNOW3G_UIA2
RTE_CRYPTO_AUTH_ZUC_EIA3
10.1.3. AEAD Algorithms
RTE_CRYPTO_AEAD_AES_GCM
10.2. Supported Asymmetric Crypto Algorithms
RTE_CRYPTO_ASYM_XFORM_RSA
RTE_CRYPTO_ASYM_XFORM_MODEX
10.3. Config flags
For compiling the OCTEON TX crypto poll mode driver, please check if the CONFIG_RTE_LIBRTE_PMD_OCTEONTX_CRYPTO setting is set to y in config/common_base file.
CONFIG_RTE_LIBRTE_PMD_OCTEONTX_CRYPTO=y
10.4. Compilation
The OCTEON TX crypto poll mode driver can be compiled either natively on OCTEON TX ® board or cross-compiled on an x86 based platform.
Refer OCTEON TX Board Support Package for details about setting up the platform and building DPDK applications.
Note
OCTEON TX crypto PF driver needs microcode to be available at /lib/firmware/ directory. Refer SDK documents for further information.
SDK and related information can be obtained from: Cavium support site.
10.5. Execution
The number of crypto VFs to be enabled can be controlled by setting sysfs entry, sriov_numvfs, for the corresponding PF driver.
echo <num_vfs> > /sys/bus/pci/devices/<dev_bus_id>/sriov_numvfs
The device bus ID, dev_bus_id, to be used in the above step can be found out by using dpdk-devbind.py script. The OCTEON TX crypto PF device need to be identified and the corresponding device number can be used to tune various PF properties.
Once the required VFs are enabled, dpdk-devbind.py script can be used to identify the VFs. To be accessible from DPDK, VFs need to be bound to vfio-pci driver:
cd <dpdk directory>
./usertools/dpdk-devbind.py -u <vf device no>
./usertools/dpdk-devbind.py -b vfio-pci <vf device no>
Appropriate huge page need to be setup in order to run the DPDK example applications.
echo 8 > /sys/kernel/mm/hugepages/hugepages-524288kB/nr_hugepages
mkdir /mnt/huge
mount -t hugetlbfs nodev /mnt/huge
Example applications can now be executed with crypto operations offloaded to OCTEON TX crypto PMD.
./build/ipsec-secgw --log-level=8 -c 0xff -- -P -p 0x3 -u 0x2 --config
"(1,0,0),(0,0,0)" -f ep1.cfg
10.6. Testing
The symmetric crypto operations on OCTEON TX crypto PMD may be verified by running the test application:
./test
RTE>>cryptodev_octeontx_autotest
The asymmetric crypto operations on OCTEON TX crypto PMD may be verified by running the test application:
./test
RTE>>cryptodev_octeontx_asym_autotest