1libipsec-mb(7)             Linux Programmer's Manual            libipsec-mb(7)
2
3
4

NAME

6       libipsec-mb  -  overview  of Intel(R) Multi-Buffer Crypto for IPSec li‐
7       brary
8

DESCRIPTION

10       Intel Multi-Buffer Crypto for IPsec Library is  highly-optimized  soft‐
11       ware  implementations  of  the core cryptographic processing for IPsec,
12       which provides industry-leading performance on a range of Intel(R) Pro‐
13       cessors.
14       The  library  offers API crafted for IPsec applications where a network
15       packet is subject of encryption and integrity operations.
16       For best processor utilization it uses multi buffer technology for  al‐
17       gorithms that don't allow multi block processing.
18       See more in the Intel White Paper: "Fast Multi-buffer IPsec Implementa‐
19       tions on Intel Architecture Processors".  Jim  Guilford,  Sean  Gulley,
20       et. al.
21       The easiest way to find it is to search the Internet for the title.
22
23
24       More     information     can     be     found     at     intel-ipsec-mb
25https://github.com/intel/intel-ipsec-mb⟩.
26
27
28   ENCRYPTION ALGORITHMS
29       AES128-GCM, AES192-GCM, AES256-GCM, AES128-CBC, AES192-CBC, AES256-CBC,
30       AES128-CTR, AES192-CTR, AES256-CTR, AES128-CCM, AES256-CCM, AES128-ECB,
31       AES192-ECB, AES256-ECB, NULL, AES128-DOCSIS, AES256-DOCSIS, DES-DOCSIS,
32       3DES, DES, KASUMI-F8, ZUC-EEA3, SNOW3G-UEA2, AES128-CBCS and Chacha20.
33
34
35   INTEGRITY ALGORITHMS
36       AES-XCBC-96,   HMAC-MD5-96,   HMAC-SHA1-96,   HMAC-SHA2-224_112,  HMAC-
37       SHA2-256_128,   HMAC-SHA2-384_192,   HMAC-SHA2-512_256,    AES128-GMAC,
38       AES192-GMAC, AES256-GMAC, NULL, AES128-CCM, AES256-CCM, AES128-CMAC-96,
39       AES256-CMAC-96, KASUMI-F9, ZUC-EIA3, SNOW3G-UIA2, DOCSIS-CRC32, HEC and
40       POLY1305.
41
42
43   RECOMMENDATIONS
44       DES  algorithm  should be avoided and AES encryption should be used in‐
45       stead.
46       3DES is a legacy algorithms and AES encryption is  recommended  to  use
47       instead.
48       HMAC-MD5-96  is  a legacy algorithm and HMAC-SHA1 is recommended to use
49       instead.
50       DES, 3DES and HMAC-MD5-96 are implemented in  the  library  to  support
51       legacy applications.
52       AES-ECB  algorithm should be avoided and AES-CBC or AES-CNTR encryption
53       should be used instead.
54
55
56   KEY STORAGE
57       The library doesn't offer any solution for secure key storage or  stor‐
58       age  of sensitive information.  It is up to application to arrange safe
59       storage of sensitive information.
60
61
62   API
63       The library offers four sets of identical API's. Each  set  corresponds
64       to one architecture: SSE, AVX, AVX2 and AVX512.
65       It   comprises   of  init_mb_mgr,  get_next_job,  submit_job,  get_com‐
66       pleted_job and flush_job operations.
67       init_mb_mgr()  - initializes the instance of the multi-buffer manager
68       get_next_job() - obtains pointer to next available job entry
69       submit_job()   - submits job for processing
70       get_completed_job() - returns already completed jobs
71       flush_job()    - flushes multi-buffer manager and completes any outstanding operations.
72
73       The basic usage of the API is presented by this pseudo code:
74
75               init_mb_mgr(&mb_mgr);
76               ...
77               while (work_to_be_done) {
78                       job = get_next_job(&mb_mgr);
79                       /* TODO: Fill in job fields */
80                       job = submit_job(&mb_mgr);
81                       while (job != NULL) {
82                               /* TODO: Complete processing on job */
83                            job = get_completed_job(&mb_mgr);
84                       }
85               }
86
87               job = flush_job(&mb_mgr);
88               while (job != NULL) {
89                       /* TODO: Complete processing on job */
90                    job = flush_job(&mb_mgr);
91               }
92
93       The library provides more interface functions i.e.  single  block  hash
94       functions for HMAC OPAD and IPAD calculations.
95

BUGS

97       Report  bugs  at intel-ipsec-mb/issueshttps://github.com/intel/intel-
98       ipsec-mb/issues⟩.
99
100

AUTHORS

102       Jim Guilford <james.guilford@intel.com>, Tomasz  Kantecki  <tomasz.kan‐
103       tecki@intel.com>
104
105
106       This is free software; see the source for copying conditions.  There is
107       NO warranty; not even for MERCHANTABILITY or FITNESS FOR  A  PARTICULAR
108       PURPOSE.
109
110
111
112Linux                             2018-03-01                    libipsec-mb(7)
Impressum