Packet Security

Packet security is often implemented by protocols such as IPsec, SSL/TLS, SRTP, QUIC, and WireGuard. It supports multiple symmetric algorithms implemented by Intel single-instruction multiple data intrinsics and multi-buffer technology, and this library has been integrated with the Data Plane Development Kit (DPDK) Cryptodev library. This chapter introduces how to write a simple cryptographic application using the symmetric AES-CBC cipher algorithm and SHA1 hash algorithm to encrypt and authenticate the packets step-by-step. It focuses on symmetric cryptographic operation. DPDK Cryptodev poll mode driver (PMD) will update the status field in the cryptographic operation. The IPsec library also adopts the session idea similar to the DPDK Cryptodev and security libraries. DPDK Compressdev was a new feature in early 2018. The APIs are used to submit and retrieve the compression operations. For many compression algorithms, the compression of one operation often depends on the previous operation, and it is important for the PMD to be aware of the data stream beforehand.