From: Fan Zhang <roy.fan.zhang@intel.com>
To: dev@dpdk.org
Cc: konstantin.ananyev@intel.com, declan.doherty@intel.com,
akhil.goyal@nxp.com, Fan Zhang <roy.fan.zhang@intel.com>
Subject: [dpdk-dev] [PATCH v2 00/10] security: add software synchronous crypto process
Date: Mon, 7 Oct 2019 17:28:40 +0100 [thread overview]
Message-ID: <20191007162850.60552-1-roy.fan.zhang@intel.com> (raw)
In-Reply-To: <20190906131330.40185-1-roy.fan.zhang@intel.com>
This RFC patch adds a way to rte_security to process symmetric crypto
workload in bulk synchronously for SW crypto devices.
Originally both SW and HW crypto PMDs works under rte_cryptodev to
process the crypto workload asynchronously. This way provides uniformity
to both PMD types but also introduce unnecessary performance penalty to
SW PMDs such as extra SW ring enqueue/dequeue steps to "simulate"
asynchronous working manner and unnecessary HW addresses computation.
We introduce a new way for SW crypto devices that perform crypto operation
synchronously with only fields required for the computation as input.
In rte_security, a new action type "RTE_SECURITY_ACTION_TYPE_CPU_CRYPTO"
is introduced. This action type allows the burst of symmetric crypto
workload using the same algorithm, key, and direction being processed by
CPU cycles synchronously. This flexible action type does not require
external hardware involvement.
This patch also includes the announcement of a new API
"rte_security_process_cpu_crypto_bulk". With this API the packet is sent to
the crypto device for symmetric crypto processing. The device will encrypt
or decrypt the buffer based on the session data specified and preprocessed
in the security session. Different than the inline or lookaside modes, when
the function exits, the user will expect the buffers are either processed
successfully, or having the error number assigned to the appropriate index
of the status array.
The proof-of-concept AESNI-GCM and AESNI-MB SW PMDs are updated with the
support of this new method. To demonstrate the performance gain with
this method 2 simple performance evaluation apps under unit-test are added
"app/test: security_aesni_gcm_perftest/security_aesni_mb_perftest". The
users can freely compare their results against crypto perf application
results.
In the end, the ipsec library and ipsec-secgw sample application are also
updated to support this feature. Several test scripts are added to the
ipsec-secgw test-suite to prove the correctness of the implementation.
v2:
- changed API return from "void" to "int"
- rework on ipsec library implementation.
- fixed bugs in aesni-mb PMD.
- fixed bugs in ipsec-secgw application.
Fan Zhang (10):
security: introduce CPU Crypto action type and API
crypto/aesni_gcm: add rte_security handler
app/test: add security cpu crypto autotest
app/test: add security cpu crypto perftest
crypto/aesni_mb: add rte_security handler
app/test: add aesni_mb security cpu crypto autotest
app/test: add aesni_mb security cpu crypto perftest
ipsec: add rte_security cpu_crypto action support
examples/ipsec-secgw: add security cpu_crypto action support
doc: update security cpu process description
app/test/Makefile | 1 +
app/test/meson.build | 1 +
app/test/test_security_cpu_crypto.c | 1326 ++++++++++++++++++++
doc/guides/cryptodevs/aesni_gcm.rst | 6 +
doc/guides/cryptodevs/aesni_mb.rst | 7 +
doc/guides/prog_guide/rte_security.rst | 112 +-
doc/guides/rel_notes/release_19_11.rst | 7 +
drivers/crypto/aesni_gcm/aesni_gcm_pmd.c | 97 +-
drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c | 95 ++
drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h | 23 +
drivers/crypto/aesni_gcm/meson.build | 2 +-
drivers/crypto/aesni_mb/meson.build | 2 +-
drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 368 +++++-
drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 92 +-
drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h | 21 +-
examples/ipsec-secgw/ipsec.c | 35 +
examples/ipsec-secgw/ipsec_process.c | 7 +-
examples/ipsec-secgw/sa.c | 13 +-
examples/ipsec-secgw/test/run_test.sh | 10 +
.../test/trs_3descbc_sha1_common_defs.sh | 8 +-
.../test/trs_3descbc_sha1_cpu_crypto_defs.sh | 5 +
.../test/trs_aescbc_sha1_common_defs.sh | 8 +-
.../test/trs_aescbc_sha1_cpu_crypto_defs.sh | 5 +
.../test/trs_aesctr_sha1_common_defs.sh | 8 +-
.../test/trs_aesctr_sha1_cpu_crypto_defs.sh | 5 +
.../ipsec-secgw/test/trs_aesgcm_cpu_crypto_defs.sh | 5 +
.../test/trs_aesgcm_mb_cpu_crypto_defs.sh | 7 +
.../test/tun_3descbc_sha1_common_defs.sh | 8 +-
.../test/tun_3descbc_sha1_cpu_crypto_defs.sh | 5 +
.../test/tun_aescbc_sha1_common_defs.sh | 8 +-
.../test/tun_aescbc_sha1_cpu_crypto_defs.sh | 5 +
.../test/tun_aesctr_sha1_common_defs.sh | 8 +-
.../test/tun_aesctr_sha1_cpu_crypto_defs.sh | 5 +
.../ipsec-secgw/test/tun_aesgcm_cpu_crypto_defs.sh | 5 +
.../test/tun_aesgcm_mb_cpu_crypto_defs.sh | 7 +
lib/librte_ipsec/crypto.h | 24 +
lib/librte_ipsec/esp_inb.c | 200 ++-
lib/librte_ipsec/esp_outb.c | 369 +++++-
lib/librte_ipsec/sa.c | 53 +-
lib/librte_ipsec/sa.h | 29 +
lib/librte_ipsec/ses.c | 4 +-
lib/librte_security/rte_security.c | 11 +
lib/librte_security/rte_security.h | 53 +-
lib/librte_security/rte_security_driver.h | 22 +
lib/librte_security/rte_security_version.map | 1 +
45 files changed, 2994 insertions(+), 99 deletions(-)
create mode 100644 app/test/test_security_cpu_crypto.c
create mode 100644 examples/ipsec-secgw/test/trs_3descbc_sha1_cpu_crypto_defs.sh
create mode 100644 examples/ipsec-secgw/test/trs_aescbc_sha1_cpu_crypto_defs.sh
create mode 100644 examples/ipsec-secgw/test/trs_aesctr_sha1_cpu_crypto_defs.sh
create mode 100644 examples/ipsec-secgw/test/trs_aesgcm_cpu_crypto_defs.sh
create mode 100644 examples/ipsec-secgw/test/trs_aesgcm_mb_cpu_crypto_defs.sh
create mode 100644 examples/ipsec-secgw/test/tun_3descbc_sha1_cpu_crypto_defs.sh
create mode 100644 examples/ipsec-secgw/test/tun_aescbc_sha1_cpu_crypto_defs.sh
create mode 100644 examples/ipsec-secgw/test/tun_aesctr_sha1_cpu_crypto_defs.sh
create mode 100644 examples/ipsec-secgw/test/tun_aesgcm_cpu_crypto_defs.sh
create mode 100644 examples/ipsec-secgw/test/tun_aesgcm_mb_cpu_crypto_defs.sh
--
2.14.5
next prev parent reply other threads:[~2019-10-07 16:29 UTC|newest]
Thread overview: 87+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-09-03 15:40 [dpdk-dev] [RFC PATCH 0/9] " Fan Zhang
2019-09-03 15:40 ` [dpdk-dev] [RFC PATCH 1/9] security: introduce CPU Crypto action type and API Fan Zhang
2019-09-04 10:32 ` Akhil Goyal
2019-09-04 13:06 ` Zhang, Roy Fan
2019-09-06 9:01 ` Akhil Goyal
2019-09-06 13:12 ` Zhang, Roy Fan
2019-09-10 11:25 ` Akhil Goyal
2019-09-11 13:01 ` Ananyev, Konstantin
2019-09-06 13:27 ` Ananyev, Konstantin
2019-09-10 10:44 ` Akhil Goyal
2019-09-11 12:29 ` Ananyev, Konstantin
2019-09-12 14:12 ` Akhil Goyal
2019-09-16 14:53 ` Ananyev, Konstantin
2019-09-16 15:08 ` Ananyev, Konstantin
2019-09-17 6:02 ` Akhil Goyal
2019-09-18 7:44 ` Ananyev, Konstantin
2019-09-25 18:24 ` Ananyev, Konstantin
2019-09-27 9:26 ` Akhil Goyal
2019-09-30 12:22 ` Ananyev, Konstantin
2019-09-30 13:43 ` Akhil Goyal
2019-10-01 14:49 ` Ananyev, Konstantin
2019-10-03 13:24 ` Akhil Goyal
2019-10-07 12:53 ` Ananyev, Konstantin
2019-10-09 7:20 ` Akhil Goyal
2019-10-09 13:43 ` Ananyev, Konstantin
2019-10-11 13:23 ` Akhil Goyal
2019-10-13 23:07 ` Zhang, Roy Fan
2019-10-14 11:10 ` Ananyev, Konstantin
2019-10-15 15:02 ` Akhil Goyal
2019-10-16 13:04 ` Ananyev, Konstantin
2019-10-15 15:00 ` Akhil Goyal
2019-10-16 22:07 ` Ananyev, Konstantin
2019-10-17 12:49 ` Ananyev, Konstantin
2019-10-18 13:17 ` Akhil Goyal
2019-10-21 13:47 ` Ananyev, Konstantin
2019-10-22 13:31 ` Akhil Goyal
2019-10-22 17:44 ` Ananyev, Konstantin
2019-10-22 22:21 ` Ananyev, Konstantin
2019-10-23 10:05 ` Akhil Goyal
2019-10-30 14:23 ` Ananyev, Konstantin
2019-11-01 13:53 ` Akhil Goyal
2019-09-03 15:40 ` [dpdk-dev] [RFC PATCH 2/9] crypto/aesni_gcm: add rte_security handler Fan Zhang
2019-09-03 15:40 ` [dpdk-dev] [RFC PATCH 3/9] app/test: add security cpu crypto autotest Fan Zhang
2019-09-03 15:40 ` [dpdk-dev] [RFC PATCH 4/9] app/test: add security cpu crypto perftest Fan Zhang
2019-09-03 15:40 ` [dpdk-dev] [RFC PATCH 5/9] crypto/aesni_mb: add rte_security handler Fan Zhang
2019-09-03 15:40 ` [dpdk-dev] [RFC PATCH 6/9] app/test: add aesni_mb security cpu crypto autotest Fan Zhang
2019-09-03 15:40 ` [dpdk-dev] [RFC PATCH 7/9] app/test: add aesni_mb security cpu crypto perftest Fan Zhang
2019-09-03 15:40 ` [dpdk-dev] [RFC PATCH 8/9] ipsec: add rte_security cpu_crypto action support Fan Zhang
2019-09-03 15:40 ` [dpdk-dev] [RFC PATCH 9/9] examples/ipsec-secgw: add security " Fan Zhang
2019-09-06 13:13 ` [dpdk-dev] [PATCH 00/10] security: add software synchronous crypto process Fan Zhang
2019-09-06 13:13 ` [dpdk-dev] [PATCH 01/10] security: introduce CPU Crypto action type and API Fan Zhang
2019-09-18 12:45 ` Ananyev, Konstantin
2019-09-29 6:00 ` Hemant Agrawal
2019-09-29 16:59 ` Ananyev, Konstantin
2019-09-30 9:43 ` Hemant Agrawal
2019-10-01 15:27 ` Ananyev, Konstantin
2019-10-02 2:47 ` Hemant Agrawal
2019-09-06 13:13 ` [dpdk-dev] [PATCH 02/10] crypto/aesni_gcm: add rte_security handler Fan Zhang
2019-09-18 10:24 ` Ananyev, Konstantin
2019-09-06 13:13 ` [dpdk-dev] [PATCH 03/10] app/test: add security cpu crypto autotest Fan Zhang
2019-09-06 13:13 ` [dpdk-dev] [PATCH 04/10] app/test: add security cpu crypto perftest Fan Zhang
2019-09-06 13:13 ` [dpdk-dev] [PATCH 05/10] crypto/aesni_mb: add rte_security handler Fan Zhang
2019-09-18 15:20 ` Ananyev, Konstantin
2019-09-06 13:13 ` [dpdk-dev] [PATCH 06/10] app/test: add aesni_mb security cpu crypto autotest Fan Zhang
2019-09-06 13:13 ` [dpdk-dev] [PATCH 07/10] app/test: add aesni_mb security cpu crypto perftest Fan Zhang
2019-09-06 13:13 ` [dpdk-dev] [PATCH 08/10] ipsec: add rte_security cpu_crypto action support Fan Zhang
2019-09-26 23:20 ` Ananyev, Konstantin
2019-09-27 10:38 ` Ananyev, Konstantin
2019-09-06 13:13 ` [dpdk-dev] [PATCH 09/10] examples/ipsec-secgw: add security " Fan Zhang
2019-09-06 13:13 ` [dpdk-dev] [PATCH 10/10] doc: update security cpu process description Fan Zhang
2019-09-09 12:43 ` [dpdk-dev] [PATCH 00/10] security: add software synchronous crypto process Aaron Conole
2019-10-07 16:28 ` Fan Zhang [this message]
2019-10-07 16:28 ` [dpdk-dev] [PATCH v2 01/10] security: introduce CPU Crypto action type and API Fan Zhang
2019-10-08 13:42 ` Ananyev, Konstantin
2019-10-07 16:28 ` [dpdk-dev] [PATCH v2 02/10] crypto/aesni_gcm: add rte_security handler Fan Zhang
2019-10-08 13:44 ` Ananyev, Konstantin
2019-10-07 16:28 ` [dpdk-dev] [PATCH v2 03/10] app/test: add security cpu crypto autotest Fan Zhang
2019-10-07 16:28 ` [dpdk-dev] [PATCH v2 04/10] app/test: add security cpu crypto perftest Fan Zhang
2019-10-07 16:28 ` [dpdk-dev] [PATCH v2 05/10] crypto/aesni_mb: add rte_security handler Fan Zhang
2019-10-08 16:23 ` Ananyev, Konstantin
2019-10-09 8:29 ` Ananyev, Konstantin
2019-10-07 16:28 ` [dpdk-dev] [PATCH v2 06/10] app/test: add aesni_mb security cpu crypto autotest Fan Zhang
2019-10-07 16:28 ` [dpdk-dev] [PATCH v2 07/10] app/test: add aesni_mb security cpu crypto perftest Fan Zhang
2019-10-07 16:28 ` [dpdk-dev] [PATCH v2 08/10] ipsec: add rte_security cpu_crypto action support Fan Zhang
2019-10-08 23:28 ` Ananyev, Konstantin
2019-10-07 16:28 ` [dpdk-dev] [PATCH v2 09/10] examples/ipsec-secgw: add security " Fan Zhang
2019-10-07 16:28 ` [dpdk-dev] [PATCH v2 10/10] doc: update security cpu process description Fan Zhang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191007162850.60552-1-roy.fan.zhang@intel.com \
--to=roy.fan.zhang@intel.com \
--cc=akhil.goyal@nxp.com \
--cc=declan.doherty@intel.com \
--cc=dev@dpdk.org \
--cc=konstantin.ananyev@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).