summaryrefslogtreecommitdiff
path: root/config/common_bsdapp
diff options
context:
space:
mode:
authorDeclan Doherty <declan.doherty@intel.com>2015-11-25 13:25:15 +0000
committerThomas Monjalon <thomas.monjalon@6wind.com>2015-11-25 19:18:04 +0100
commit924e84f87306caf675fe8ad424db827e2629ee47 (patch)
tree368635bd95d603d5631ca5b4e2a700a06d9ccad2 /config/common_bsdapp
parent1703e94ac5cee1014dcf4d6d9e72547a1e5aecaa (diff)
downloaddpdk-924e84f87306caf675fe8ad424db827e2629ee47.zip
dpdk-924e84f87306caf675fe8ad424db827e2629ee47.tar.gz
dpdk-924e84f87306caf675fe8ad424db827e2629ee47.tar.xz
aesni_mb: add driver for multi buffer based crypto
This patch provides the initial implementation of the AES-NI multi-buffer based crypto poll mode driver using DPDK's new cryptodev framework. This PMD is dependent on Intel's multibuffer library, see the whitepaper "Fast Multi-buffer IPsec Implementations on IntelĀ® Architecture Processors", see ref 1 for details on the library's design and ref 2 to download the library itself. This initial implementation is limited to supporting the chained operations of "hash then cipher" or "cipher then hash" for the following cipher and hash algorithms: Cipher algorithms: - RTE_CRYPTO_CIPHER_AES_CBC (with 128-bit, 192-bit and 256-bit keys supported) Authentication algorithms: - RTE_CRYPTO_AUTH_SHA1_HMAC - RTE_CRYPTO_AUTH_SHA256_HMAC - RTE_CRYPTO_AUTH_SHA512_HMAC - RTE_CRYPTO_AUTH_AES_XCBC_MAC Important Note: Due to the fact that the multi-buffer library is designed for accelerating IPsec crypto operation, the digest's generated for the HMAC functions are truncated to lengths specified by IPsec RFC's, ie RFC2404 for using HMAC-SHA-1 with IPsec specifies that the digest is truncate from 20 to 12 bytes. Build instructions: To build DPDK with the AESNI_MB_PMD the user is required to download (ref 2) and compile the multi-buffer library on there system before building DPDK. The environmental variable AESNI_MULTI_BUFFER_LIB_PATH must be exported with the path where you extracted and built the multi buffer library and finally set CONFIG_RTE_LIBRTE_PMD_AESNI_MB=y in config/common_linuxapp. Current status: It's doesn't support crypto operation across chained mbufs, or cipher only or hash only operations. ref 1: https://www-ssl.intel.com/content/www/us/en/intelligent-systems/intel-technology/fast-multi-buffer-ipsec-implementations-ia-processors-p ref 2: https://downloadcenter.intel.com/download/22972 Signed-off-by: Declan Doherty <declan.doherty@intel.com> Acked-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Diffstat (limited to 'config/common_bsdapp')
-rw-r--r--config/common_bsdapp6
1 files changed, 6 insertions, 0 deletions
diff --git a/config/common_bsdapp b/config/common_bsdapp
index e6b6ced..56020b6 100644
--- a/config/common_bsdapp
+++ b/config/common_bsdapp
@@ -331,6 +331,12 @@ CONFIG_RTE_LIBRTE_QAT_DEBUG_DRIVER=n
CONFIG_RTE_MAX_QAT_SESSIONS=200
#
+# Compile PMD for AESNI backed device
+#
+CONFIG_RTE_LIBRTE_PMD_AESNI_MB=n
+CONFIG_RTE_LIBRTE_AESNI_MB_DEBUG=n
+
+#
# Compile librte_ring
#
CONFIG_RTE_LIBRTE_RING=y