search

intel / intel-ipsec-mb

Intel(R) Multi-Buffer Crypto for IPSec
BSD 3-Clause "New" or "Revised" License
292 stars 88 forks source link

AESNI emulation code not to be compiled in by default #98

Closed tkanteck closed 2 years ago

tkanteck commented 2 years ago

AESNI emulation implementations are based on the SSE ones. They replace AESNI and PCLMULQDQ instructions with adequate macros. This method of supporting platforms without these CPU extensions is simple and functional. However, it significantly increases library footprint and compilation time. Most users don't need this functionality anyway.

The plan is to:

Any concerns then please let us know here.

tkanteck commented 2 years ago

closing this announcement

pa5h1nh0 commented 2 years ago

Hi @tkanteck, not sure if this is the best place to discuss the following: I am facing an issue where the application using this library segfaults due to the host's CPU lack of AES-NI instruction set. Is there any specific compile option to build also the "software" AES-NI emulation? FYI, I'm using this library indirectly via DPDK's AES-NI PMD, do you happen to know if there would be any code change required in the DPDK PMD or should I better ask this in the dpdk mailing list?

Thanks in advance

pablodelara commented 2 years ago

Hi @pa5h1nh0. You should compile with "AESNI_EMU=y". Re DPDK, I don't think any changes are required.

pa5h1nh0 commented 2 years ago

Hi @pablodelara, thanks for replying. Does this mean that I'd need to build two DPDK libraries? One for hosts supporting the AES-NI instruction set (so with "AESNI_EMU=n"), and one for hosts without it (i.e. with "AESNI_EMU=y")?

pablodelara commented 2 years ago

Hi @pa5h1nh0. No, when AESNI_EMU=y, everything is supported. For machines supporting AES-NI, it will use the implementation using AES-NI and for machines not supporting AES-NI, it will use the emulated instruction implementation.

tkanteck commented 2 years ago

AESNI emulation is very slow. It is very difficult to find system that doesn't support AESNI these days ;) It's broadly available since ~10 years. There could be a BIOS option that switches these extensions off - it may be worth checking it. If this is a virtual environment then there may be a VM misconfiguration (AESNI not supported).