From: Fan Zhang <roy.fan.zhang@intel.com> To: dev@dpdk.org Cc: akhil.goyal@nxp.com, konstantin.ananyev@intel.com, declan.doherty@intel.com, pablo.de.lara.guarch@intel.com, Fan Zhang <roy.fan.zhang@intel.com> Subject: [dpdk-dev] [RFC PATCH 0/9] security: add software synchronous crypto process Date: Tue, 3 Sep 2019 16:40:37 +0100 Message-ID: <20190903154046.55992-1-roy.fan.zhang@intel.com> (raw) This RFC patch adds a way to rte_security to process symmetric crypto workload in bulk synchronously for SW crypto devices. Originally both SW and HW crypto PMDs works under rte_cryptodev to process the crypto workload asynchronously. This way provides uniformity to both PMD types but also introduce unnecessary performance penalty to SW PMDs such as extra SW ring enqueue/dequeue steps to "simulate" asynchronous working manner and unnecessary HW addresses computation. We introduce a new way for SW crypto devices that perform crypto operation synchronously with only fields required for the computation as input. The proof-of-concept AESNI-GCM and AESNI-MB SW PMDs are updated with the support of this new method. To demonstrate the performance gain with this method 2 simple performance evaluation apps under unit-test are added "app/test: security_aesni_gcm_perftest/security_aesni_mb_perftest". The users can freely compare their results against crypto perf application results. Fan Zhang (9): security: introduce CPU Crypto action type and API crypto/aesni_gcm: add rte_security handler app/test: add security cpu crypto autotest app/test: add security cpu crypto perftest crypto/aesni_mb: add rte_security handler app/test: add aesni_mb security cpu crypto autotest app/test: add aesni_mb security cpu crypto perftest ipsec: add rte_security cpu_crypto action support examples/ipsec-secgw: add security cpu_crypto action support app/test/Makefile | 1 + app/test/meson.build | 1 + app/test/test_security_cpu_crypto.c | 1326 ++++++++++++++++++++ drivers/crypto/aesni_gcm/aesni_gcm_pmd.c | 91 +- drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c | 95 ++ drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h | 23 + drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 291 ++++- drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 91 +- drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h | 21 +- examples/ipsec-secgw/ipsec.c | 22 + examples/ipsec-secgw/ipsec_process.c | 4 +- examples/ipsec-secgw/sa.c | 13 +- examples/ipsec-secgw/test/run_test.sh | 10 + .../test/trs_3descbc_sha1_cpu_crypto_defs.sh | 5 + .../test/trs_aescbc_sha1_cpu_crypto_defs.sh | 5 + .../test/trs_aesctr_sha1_cpu_crypto_defs.sh | 5 + .../ipsec-secgw/test/trs_aesgcm_cpu_crypto_defs.sh | 5 + .../test/trs_aesgcm_mb_cpu_crypto_defs.sh | 7 + .../test/tun_3descbc_sha1_cpu_crypto_defs.sh | 5 + .../test/tun_aescbc_sha1_cpu_crypto_defs.sh | 5 + .../test/tun_aesctr_sha1_cpu_crypto_defs.sh | 5 + .../ipsec-secgw/test/tun_aesgcm_cpu_crypto_defs.sh | 5 + .../test/tun_aesgcm_mb_cpu_crypto_defs.sh | 7 + lib/librte_ipsec/esp_inb.c | 174 ++- lib/librte_ipsec/esp_outb.c | 290 ++++- lib/librte_ipsec/sa.c | 53 +- lib/librte_ipsec/sa.h | 29 + lib/librte_ipsec/ses.c | 4 +- lib/librte_security/rte_security.c | 16 + lib/librte_security/rte_security.h | 51 +- lib/librte_security/rte_security_driver.h | 19 + lib/librte_security/rte_security_version.map | 1 + 32 files changed, 2658 insertions(+), 22 deletions(-) create mode 100644 app/test/test_security_cpu_crypto.c create mode 100644 examples/ipsec-secgw/test/trs_3descbc_sha1_cpu_crypto_defs.sh create mode 100644 examples/ipsec-secgw/test/trs_aescbc_sha1_cpu_crypto_defs.sh create mode 100644 examples/ipsec-secgw/test/trs_aesctr_sha1_cpu_crypto_defs.sh create mode 100644 examples/ipsec-secgw/test/trs_aesgcm_cpu_crypto_defs.sh create mode 100644 examples/ipsec-secgw/test/trs_aesgcm_mb_cpu_crypto_defs.sh create mode 100644 examples/ipsec-secgw/test/tun_3descbc_sha1_cpu_crypto_defs.sh create mode 100644 examples/ipsec-secgw/test/tun_aescbc_sha1_cpu_crypto_defs.sh create mode 100644 examples/ipsec-secgw/test/tun_aesctr_sha1_cpu_crypto_defs.sh create mode 100644 examples/ipsec-secgw/test/tun_aesgcm_cpu_crypto_defs.sh create mode 100644 examples/ipsec-secgw/test/tun_aesgcm_mb_cpu_crypto_defs.sh -- 2.14.5
next reply index Thread overview: 87+ messages / expand[flat|nested] mbox.gz Atom feed top 2019-09-03 15:40 Fan Zhang [this message] 2019-09-03 15:40 ` [dpdk-dev] [RFC PATCH 1/9] security: introduce CPU Crypto action type and API Fan Zhang 2019-09-04 10:32 ` Akhil Goyal 2019-09-04 13:06 ` Zhang, Roy Fan 2019-09-06 9:01 ` Akhil Goyal 2019-09-06 13:12 ` Zhang, Roy Fan 2019-09-10 11:25 ` Akhil Goyal 2019-09-11 13:01 ` Ananyev, Konstantin 2019-09-06 13:27 ` Ananyev, Konstantin 2019-09-10 10:44 ` Akhil Goyal 2019-09-11 12:29 ` Ananyev, Konstantin 2019-09-12 14:12 ` Akhil Goyal 2019-09-16 14:53 ` Ananyev, Konstantin 2019-09-16 15:08 ` Ananyev, Konstantin 2019-09-17 6:02 ` Akhil Goyal 2019-09-18 7:44 ` Ananyev, Konstantin 2019-09-25 18:24 ` Ananyev, Konstantin 2019-09-27 9:26 ` Akhil Goyal 2019-09-30 12:22 ` Ananyev, Konstantin 2019-09-30 13:43 ` Akhil Goyal 2019-10-01 14:49 ` Ananyev, Konstantin 2019-10-03 13:24 ` Akhil Goyal 2019-10-07 12:53 ` Ananyev, Konstantin 2019-10-09 7:20 ` Akhil Goyal 2019-10-09 13:43 ` Ananyev, Konstantin 2019-10-11 13:23 ` Akhil Goyal 2019-10-13 23:07 ` Zhang, Roy Fan 2019-10-14 11:10 ` Ananyev, Konstantin 2019-10-15 15:02 ` Akhil Goyal 2019-10-16 13:04 ` Ananyev, Konstantin 2019-10-15 15:00 ` Akhil Goyal 2019-10-16 22:07 ` Ananyev, Konstantin 2019-10-17 12:49 ` Ananyev, Konstantin 2019-10-18 13:17 ` Akhil Goyal 2019-10-21 13:47 ` Ananyev, Konstantin 2019-10-22 13:31 ` Akhil Goyal 2019-10-22 17:44 ` Ananyev, Konstantin 2019-10-22 22:21 ` Ananyev, Konstantin 2019-10-23 10:05 ` Akhil Goyal 2019-10-30 14:23 ` Ananyev, Konstantin 2019-11-01 13:53 ` Akhil Goyal 2019-09-03 15:40 ` [dpdk-dev] [RFC PATCH 2/9] crypto/aesni_gcm: add rte_security handler Fan Zhang 2019-09-03 15:40 ` [dpdk-dev] [RFC PATCH 3/9] app/test: add security cpu crypto autotest Fan Zhang 2019-09-03 15:40 ` [dpdk-dev] [RFC PATCH 4/9] app/test: add security cpu crypto perftest Fan Zhang 2019-09-03 15:40 ` [dpdk-dev] [RFC PATCH 5/9] crypto/aesni_mb: add rte_security handler Fan Zhang 2019-09-03 15:40 ` [dpdk-dev] [RFC PATCH 6/9] app/test: add aesni_mb security cpu crypto autotest Fan Zhang 2019-09-03 15:40 ` [dpdk-dev] [RFC PATCH 7/9] app/test: add aesni_mb security cpu crypto perftest Fan Zhang 2019-09-03 15:40 ` [dpdk-dev] [RFC PATCH 8/9] ipsec: add rte_security cpu_crypto action support Fan Zhang 2019-09-03 15:40 ` [dpdk-dev] [RFC PATCH 9/9] examples/ipsec-secgw: add security " Fan Zhang 2019-09-06 13:13 ` [dpdk-dev] [PATCH 00/10] security: add software synchronous crypto process Fan Zhang 2019-09-06 13:13 ` [dpdk-dev] [PATCH 01/10] security: introduce CPU Crypto action type and API Fan Zhang 2019-09-18 12:45 ` Ananyev, Konstantin 2019-09-29 6:00 ` Hemant Agrawal 2019-09-29 16:59 ` Ananyev, Konstantin 2019-09-30 9:43 ` Hemant Agrawal 2019-10-01 15:27 ` Ananyev, Konstantin 2019-10-02 2:47 ` Hemant Agrawal 2019-09-06 13:13 ` [dpdk-dev] [PATCH 02/10] crypto/aesni_gcm: add rte_security handler Fan Zhang 2019-09-18 10:24 ` Ananyev, Konstantin 2019-09-06 13:13 ` [dpdk-dev] [PATCH 03/10] app/test: add security cpu crypto autotest Fan Zhang 2019-09-06 13:13 ` [dpdk-dev] [PATCH 04/10] app/test: add security cpu crypto perftest Fan Zhang 2019-09-06 13:13 ` [dpdk-dev] [PATCH 05/10] crypto/aesni_mb: add rte_security handler Fan Zhang 2019-09-18 15:20 ` Ananyev, Konstantin 2019-09-06 13:13 ` [dpdk-dev] [PATCH 06/10] app/test: add aesni_mb security cpu crypto autotest Fan Zhang 2019-09-06 13:13 ` [dpdk-dev] [PATCH 07/10] app/test: add aesni_mb security cpu crypto perftest Fan Zhang 2019-09-06 13:13 ` [dpdk-dev] [PATCH 08/10] ipsec: add rte_security cpu_crypto action support Fan Zhang 2019-09-26 23:20 ` Ananyev, Konstantin 2019-09-27 10:38 ` Ananyev, Konstantin 2019-09-06 13:13 ` [dpdk-dev] [PATCH 09/10] examples/ipsec-secgw: add security " Fan Zhang 2019-09-06 13:13 ` [dpdk-dev] [PATCH 10/10] doc: update security cpu process description Fan Zhang 2019-09-09 12:43 ` [dpdk-dev] [PATCH 00/10] security: add software synchronous crypto process Aaron Conole 2019-10-07 16:28 ` [dpdk-dev] [PATCH v2 " Fan Zhang 2019-10-07 16:28 ` [dpdk-dev] [PATCH v2 01/10] security: introduce CPU Crypto action type and API Fan Zhang 2019-10-08 13:42 ` Ananyev, Konstantin 2019-10-07 16:28 ` [dpdk-dev] [PATCH v2 02/10] crypto/aesni_gcm: add rte_security handler Fan Zhang 2019-10-08 13:44 ` Ananyev, Konstantin 2019-10-07 16:28 ` [dpdk-dev] [PATCH v2 03/10] app/test: add security cpu crypto autotest Fan Zhang 2019-10-07 16:28 ` [dpdk-dev] [PATCH v2 04/10] app/test: add security cpu crypto perftest Fan Zhang 2019-10-07 16:28 ` [dpdk-dev] [PATCH v2 05/10] crypto/aesni_mb: add rte_security handler Fan Zhang 2019-10-08 16:23 ` Ananyev, Konstantin 2019-10-09 8:29 ` Ananyev, Konstantin 2019-10-07 16:28 ` [dpdk-dev] [PATCH v2 06/10] app/test: add aesni_mb security cpu crypto autotest Fan Zhang 2019-10-07 16:28 ` [dpdk-dev] [PATCH v2 07/10] app/test: add aesni_mb security cpu crypto perftest Fan Zhang 2019-10-07 16:28 ` [dpdk-dev] [PATCH v2 08/10] ipsec: add rte_security cpu_crypto action support Fan Zhang 2019-10-08 23:28 ` Ananyev, Konstantin 2019-10-07 16:28 ` [dpdk-dev] [PATCH v2 09/10] examples/ipsec-secgw: add security " Fan Zhang 2019-10-07 16:28 ` [dpdk-dev] [PATCH v2 10/10] doc: update security cpu process description Fan Zhang
Reply instructions: You may reply publically to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20190903154046.55992-1-roy.fan.zhang@intel.com \ --to=roy.fan.zhang@intel.com \ --cc=akhil.goyal@nxp.com \ --cc=declan.doherty@intel.com \ --cc=dev@dpdk.org \ --cc=konstantin.ananyev@intel.com \ --cc=pablo.de.lara.guarch@intel.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
DPDK patches and discussions Archives are clonable: git clone --mirror http://inbox.dpdk.org/dev/0 dev/git/0.git # If you have public-inbox 1.1+ installed, you may # initialize and index your mirror using the following commands: public-inbox-init -V2 dev dev/ http://inbox.dpdk.org/dev \ dev@dpdk.org public-inbox-index dev Newsgroup available over NNTP: nntp://inbox.dpdk.org/inbox.dpdk.dev AGPL code for this site: git clone https://public-inbox.org/ public-inbox