3. AES-NI GCM Crypto Poll Mode Driver

The AES-NI GCM PMD (librte_pmd_aesni_gcm) provides poll mode crypto driver support for utilizing Intel ISA-L crypto library, which provides operation acceleration through the AES-NI instruction sets for AES-GCM authenticated cipher algorithm.

3.1. Features

AESNI GCM PMD has support for:

Cipher algorithms:

  • RTE_CRYPTO_CIPHER_AES_GCM

Authentication algorithms:

  • RTE_CRYPTO_AUTH_AES_GCM
  • RTE_CRYPTO_AUTH_AES_GMAC

3.2. Installation

To build DPDK with the AESNI_GCM_PMD the user is required to install the libisal_crypto library in the build environment. For download and more details please visit https://github.com/01org/isa-l_crypto.

3.3. Initialization

In order to enable this virtual crypto PMD, user must:

  • Install the ISA-L crypto library (explained in Installation section).
  • Set CONFIG_RTE_LIBRTE_PMD_AESNI_GCM=y in config/common_base.

To use the PMD in an application, user must:

  • Call rte_eal_vdev_init(“crypto_aesni_gcm”) within the application.
  • Use –vdev=”crypto_aesni_gcm” in the EAL options, which will call rte_eal_vdev_init() internally.

The following parameters (all optional) can be provided in the previous two calls:

  • socket_id: Specify the socket where the memory for the device is going to be allocated (by default, socket_id will be the socket where the core that is creating the PMD is running on).
  • max_nb_queue_pairs: Specify the maximum number of queue pairs in the device (8 by default).
  • max_nb_sessions: Specify the maximum number of sessions that can be created (2048 by default).

Example:

./l2fwd-crypto -c 40 -n 4 --vdev="crypto_aesni_gcm,socket_id=1,max_nb_sessions=128"

3.4. Limitations

  • Chained mbufs are supported but only out-of-place (destination mbuf must be contiguous).
  • Hash only is not supported.
  • Cipher only is not supported.