3. AES-NI GCM Crypto Poll Mode Driver
The AES-NI GCM PMD (librte_pmd_aesni_gcm) provides poll mode crypto driver support for utilizing Intel multi buffer library (see AES-NI Multi-buffer PMD documentation to learn more about it, including installation).
The AES-NI GCM PMD has current only been tested on Fedora 21 64-bit with gcc.
3.1. Features
AESNI GCM PMD has support for:
Cipher algorithms:
- RTE_CRYPTO_CIPHER_AES_GCM
Authentication algorithms:
- RTE_CRYPTO_AUTH_AES_GCM
3.2. Initialization
In order to enable this virtual crypto PMD, user must:
- Export the environmental variable AESNI_MULTI_BUFFER_LIB_PATH with the path where the library was extracted.
- Build the multi buffer library (go to Installation section in AES-NI MB PMD documentation).
- Set CONFIG_RTE_LIBRTE_PMD_AESNI_GCM=y in config/common_base.
To use the PMD in an application, user must:
- Call rte_eal_vdev_init(“crypto_aesni_gcm”) within the application.
- Use –vdev=”crypto_aesni_gcm” in the EAL options, which will call rte_eal_vdev_init() internally.
The following parameters (all optional) can be provided in the previous two calls:
- socket_id: Specify the socket where the memory for the device is going to be allocated (by default, socket_id will be the socket where the core that is creating the PMD is running on).
- max_nb_queue_pairs: Specify the maximum number of queue pairs in the device (8 by default).
- max_nb_sessions: Specify the maximum number of sessions that can be created (2048 by default).
Example:
./l2fwd-crypto -c 40 -n 4 --vdev="crypto_aesni_gcm,socket_id=1,max_nb_sessions=128"
3.3. Limitations
- Chained mbufs are not supported.
- Hash only is not supported.
- Cipher only is not supported.
- Only in-place is currently supported (destination address is the same as source address).
- Only supports session-oriented API implementation (session-less APIs are not supported).
- Not performance tuned.