1.. SPDX-License-Identifier: BSD-3-Clause 2 Copyright(c) 2016-2020 Intel Corporation. 3 4AES-NI GCM Crypto Poll Mode Driver 5================================== 6 7 8The AES-NI GCM PMD (**librte_crypto_aesni_gcm**) provides poll mode crypto driver 9support for utilizing Intel multi buffer library (see AES-NI Multi-buffer PMD documentation 10to learn more about it, including installation). 11 12The AES-NI GCM PMD supports synchronous mode of operation with 13``rte_cryptodev_sym_cpu_crypto_process`` function call for both AES-GCM and 14GMAC, however GMAC support is limited to one segment per operation. Please 15refer to ``rte_crypto`` programmer's guide for more detail. 16 17Features 18-------- 19 20AESNI GCM PMD has support for: 21 22Authentication algorithms: 23 24* RTE_CRYPTO_AUTH_AES_GMAC 25 26AEAD algorithms: 27 28* RTE_CRYPTO_AEAD_AES_GCM 29 30Limitations 31----------- 32 33* In out-of-place operations, chained destination mbufs are not supported. 34* Cipher only is not supported. 35 36 37Installation 38------------ 39 40To build DPDK with the AESNI_GCM_PMD the user is required to download the multi-buffer 41library from `here <https://github.com/01org/intel-ipsec-mb>`_ 42and compile it on their user system before building DPDK. 43The latest version of the library supported by this PMD is v0.55, which 44can be downloaded in `<https://github.com/01org/intel-ipsec-mb/archive/v0.55.zip>`_. 45 46.. code-block:: console 47 48 make 49 make install 50 51The library requires NASM to be built. Depending on the library version, it might 52require a minimum NASM version (e.g. v0.54 requires at least NASM 2.14). 53 54NASM is packaged for different OS. However, on some OS the version is too old, 55so a manual installation is required. In that case, NASM can be downloaded from 56`NASM website <https://www.nasm.us/pub/nasm/releasebuilds/?C=M;O=D>`_. 57Once it is downloaded, extract it and follow these steps: 58 59.. code-block:: console 60 61 ./configure 62 make 63 make install 64 65.. note:: 66 67 Compilation of the Multi-Buffer library is broken when GCC < 5.0, if library <= v0.53. 68 If a lower GCC version than 5.0, the workaround proposed by the following link 69 should be used: `<https://github.com/intel/intel-ipsec-mb/issues/40>`_. 70 71 72As a reference, the following table shows a mapping between the past DPDK versions 73and the external crypto libraries supported by them: 74 75.. _table_aesni_gcm_versions: 76 77.. table:: DPDK and external crypto library version compatibility 78 79 ============= ================================ 80 DPDK version Crypto library version 81 ============= ================================ 82 16.04 - 16.11 Multi-buffer library 0.43 - 0.44 83 17.02 - 17.05 ISA-L Crypto v2.18 84 17.08 - 18.02 Multi-buffer library 0.46 - 0.48 85 18.05 - 19.02 Multi-buffer library 0.49 - 0.52 86 19.05+ Multi-buffer library 0.52 - 0.55 87 ============= ================================ 88 89 90Initialization 91-------------- 92 93In order to enable this virtual crypto PMD, user must: 94 95* Build the multi buffer library (explained in Installation section). 96 97To use the PMD in an application, user must: 98 99* Call rte_vdev_init("crypto_aesni_gcm") within the application. 100 101* Use --vdev="crypto_aesni_gcm" in the EAL options, which will call rte_vdev_init() internally. 102 103The following parameters (all optional) can be provided in the previous two calls: 104 105* socket_id: Specify the socket where the memory for the device is going to be allocated 106 (by default, socket_id will be the socket where the core that is creating the PMD is running on). 107 108* max_nb_queue_pairs: Specify the maximum number of queue pairs in the device (8 by default). 109 110* max_nb_sessions: Specify the maximum number of sessions that can be created (2048 by default). 111 112Example: 113 114.. code-block:: console 115 116 ./dpdk-l2fwd-crypto -l 1 -n 4 --vdev="crypto_aesni_gcm,socket_id=0,max_nb_sessions=128" \ 117 -- -p 1 --cdev SW --chain AEAD --aead_algo "aes-gcm" 118