NVIDIA DPDK Documentation MLNX_DPDK_22.11_2310.5.1 LTS
NVIDIA Docs Hub Homepage  NVIDIA Networking  Networking Software  Adapter Software  NVIDIA DPDK Documentation MLNX_DPDK_22.11_2310.5.1 LTS  DPDK AES-GCM Crypto

DPDK AES-GCM Crypto

DPDK AES-GCM crypto capability allows the user to perform AES-GCM encryption/decryption actions.

  • Encryption: IV + DEK + Plaintext + AAD = Cipher + Digest

  • Decryption: IV + DEK + Cipher + AAD + Digest = Plaintext

The following are samples of various actions available for this capability:

  • rte_cryptodev API with AES-GCM – dev init:

    Copy
    Copied!
                
    
            
    /* Get the crypto dev num. */
nb_devs = rte_cryptodev_count();
if (!nb_devs)
return -ENOSUP;
/* Use the first dev as example */
cdev_id = 0;
/* Get session size */
sess_size = rte_cryptodev_sym_get_private_session_size(cdev_id);
/* Get cdev info */
rte_cryptodev_info_get(cdev_id, &cdev_info);
/* Create session pool */
sess mp = rte_cryptodev_sym_session_pool_create(…, sess_size, …);
/* Create mbuf pool */
mpool = rte_pktmbuf_pool_create();
/* Create crypto op pool */
oppool = rte_crypto_op_pool_create ();
/* Config cdev */
struct rte_cryptodev_config conf = {0};
conf.ff_disable |= RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO | RTE_CRYPTODEV_FF_SECURITY;
conf.nb_queue_pairs = cdev_info. max_nb_queue_pairs;
rte_cryptodev_configure(cdev_id, &conf);
/* config qp */
struct rte_cryptodev_qp_conf  qp_conf = {0};
qp_conf. nb_descriptors = 512;
for (j = 0; j < conf.nb_queue_pairs; j++)
rte_cryptodev_queue_pair_setup(cdev_id, j, &qp_conf, socket_id);
/* cdev start */
rte_cryptodev_start(cdev_id);

  • rte_cryptodev API with AES-GCM – session create:

    Copy
    Copied!
                
    
            
    /* Create session */
aead_xform.type = RTE_CRYPTO_SYM_XFORM_AEAD;
aead_xform.next = NULL;
aead_xform.aead.algo = aead_algo;
aead_xform.aead.op = aead_op;
aead_xform.aead.iv.offset = iv_offset;
aead_xform.aead.key.data = aead_key.data;
aead_xform.aead.key.length aead_key.length;
aead_xform.aead.iv.length aead_iv.length;
aead_xform.aead.digest_length digest_sz;
aead_xform.aead.aad_length = aead_aad_sz;
/* Create crypto session */
sess = rte_cryptodev_sym_session_create(cdev_id, &aead_xform, sess_mp);

  • rte_cryptodev API with AES-GCM – crypto enqueue:

    Copy
    Copied!
                
    
            
    /* Allocate the mbuf */
mbuf = rte_pktmbuf_alloc(mpool);
/* Allocate op */
struct rte_crypto_op *sym_op;
rte_crypto_op_bulk_alloc(opool, RTE_CRYPTO_OP_TYPE_SYMMETRIC, &sym_op, 1);
/* Fill the data to mbuf, in the order of AAD/PAYLOAD/DIGEST will get the best performance */
sym_op->m_src = mbuf;
sym_op->m_dst = NULL;
sym_op->aead.data.offset = 0;
sym_op->aead.data.length = data_len;
sym_op->aead.aad.data = rte_pktmbuf_mtod_offset(sym_op->m_src, uint8_t *, -aad.length);
sym_op->aead.digest.data = rte_pktmbuf_mtod_offset(buf, uint8_t *, data_len);
/* enqueue and dequeu */
rte_cryptodev_enqueue_burst();
rte_cryptodev_dequeue_burst();

© Copyright 2024, NVIDIA. Last updated on Jan 9, 2025
content here