1libipsec-mb(7) Linux Programmer's Manual libipsec-mb(7)
2
3
4
6 libipsec-mb - overview of Intel(R) Multi-Buffer Crypto for IPSec li‐
7 brary
8
10 Intel Multi-Buffer Crypto for IPsec Library is highly-optimized soft‐
11 ware implementations of the core cryptographic processing for IPsec,
12 which provides industry-leading performance on a range of Intel(R) Pro‐
13 cessors.
14 The library offers API crafted for IPsec applications where a network
15 packet is subject of encryption and integrity operations.
16 For best processor utilization it uses multi buffer technology for al‐
17 gorithms that don't allow multi block processing.
18 See more in the Intel White Paper: "Fast Multi-buffer IPsec Implementa‐
19 tions on Intel Architecture Processors". Jim Guilford, Sean Gulley,
20 et. al.
21 The easiest way to find it is to search the Internet for the title.
22
23
24 More information can be found at intel-ipsec-mb
25 ⟨https://github.com/intel/intel-ipsec-mb⟩.
26
27
28 ENCRYPTION ALGORITHMS
29 AES128-GCM, AES192-GCM, AES256-GCM, AES128-CBC, AES192-CBC, AES256-CBC,
30 AES128-CTR, AES192-CTR, AES256-CTR, AES128-CCM, AES256-CCM, AES128-ECB,
31 AES192-ECB, AES256-ECB, NULL, AES128-DOCSIS, AES256-DOCSIS, DES-DOCSIS,
32 3DES, DES, KASUMI-F8, ZUC-EEA3, SNOW3G-UEA2, AES128-CBCS and Chacha20.
33
34
35 INTEGRITY ALGORITHMS
36 AES-XCBC-96, HMAC-MD5-96, HMAC-SHA1-96, HMAC-SHA2-224_112, HMAC-
37 SHA2-256_128, HMAC-SHA2-384_192, HMAC-SHA2-512_256, AES128-GMAC,
38 AES192-GMAC, AES256-GMAC, NULL, AES128-CCM, AES256-CCM, AES128-CMAC-96,
39 AES256-CMAC-96, KASUMI-F9, ZUC-EIA3, SNOW3G-UIA2, DOCSIS-CRC32, HEC and
40 POLY1305.
41
42
43 RECOMMENDATIONS
44 DES algorithm should be avoided and AES encryption should be used in‐
45 stead.
46 3DES is a legacy algorithms and AES encryption is recommended to use
47 instead.
48 HMAC-MD5-96 is a legacy algorithm and HMAC-SHA1 is recommended to use
49 instead.
50 DES, 3DES and HMAC-MD5-96 are implemented in the library to support
51 legacy applications.
52 AES-ECB algorithm should be avoided and AES-CBC or AES-CNTR encryption
53 should be used instead.
54
55
56 KEY STORAGE
57 The library doesn't offer any solution for secure key storage or stor‐
58 age of sensitive information. It is up to application to arrange safe
59 storage of sensitive information.
60
61
62 API
63 The library offers four sets of identical API's. Each set corresponds
64 to one architecture: SSE, AVX, AVX2 and AVX512.
65 It comprises of init_mb_mgr, get_next_job, submit_job, get_com‐
66 pleted_job and flush_job operations.
67 init_mb_mgr() - initializes the instance of the multi-buffer manager
68 get_next_job() - obtains pointer to next available job entry
69 submit_job() - submits job for processing
70 get_completed_job() - returns already completed jobs
71 flush_job() - flushes multi-buffer manager and completes any outstanding operations.
72
73 The basic usage of the API is presented by this pseudo code:
74
75 init_mb_mgr(&mb_mgr);
76 ...
77 while (work_to_be_done) {
78 job = get_next_job(&mb_mgr);
79 /* TODO: Fill in job fields */
80 job = submit_job(&mb_mgr);
81 while (job != NULL) {
82 /* TODO: Complete processing on job */
83 job = get_completed_job(&mb_mgr);
84 }
85 }
86
87 job = flush_job(&mb_mgr);
88 while (job != NULL) {
89 /* TODO: Complete processing on job */
90 job = flush_job(&mb_mgr);
91 }
92
93 The library provides more interface functions i.e. single block hash
94 functions for HMAC OPAD and IPAD calculations.
95
97 Report bugs at intel-ipsec-mb/issues ⟨https://github.com/intel/intel-
98 ipsec-mb/issues⟩.
99
100
102 Jim Guilford <james.guilford@intel.com>, Tomasz Kantecki <tomasz.kan‐
103 tecki@intel.com>
104
105
106 This is free software; see the source for copying conditions. There is
107 NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
108 PURPOSE.
109
110
111
112Linux 2018-03-01 libipsec-mb(7)