Re: [dpdk-dev] OpenSSL Cryptodev PMD and openssl engine

["Trahe, Fiona" <fiona.trahe@intel.com>]

Hi Srivathsan,

From: Aravamudan Srivathsan [mailto:Srivathsan.Aravamudan@technicolor.com]
Sent: Thursday, April 27, 2017 2:20 AM
To: Trahe, Fiona <fiona.trahe@intel.com>; dev@dpdk.org
Cc: Doherty, Declan <declan.doherty@intel.com>
Subject: Re: OpenSSL Cryptodev PMD and openssl engine


Hi Fiona,



Thank you for the reply.



I have a crypto device that is connected to PCI. It can do standard crypto operations like AES, DES, and so on.

I have openssl engine (a plugin) for this.

Our environment is

We have DPDK application for routing, forwarding, IPSec etc. (All routing and tunnelling)

We also have IoT application which would like to use the Openssl for doing some crypto operations.



My intention is

1. To use the existing openssl infrastructure (without writing the crypto PMD) to use the hardware acclearation.

2. Share the same device not only for doing the IPsec but also for doing crypto operations outside the DPDK EAL.



Yes the OpenSSL will have extra layer and do a copy of buffer, but the crypto operations will still happen in the driver.



[Fiona] There would be other development effort needed. It's probably not a seamless port, as

the openssl engine infrastructure isn't in the OpenSSL PMD. The PMD is just a wrapper for the calls to the

encryption APIs. Engines in OpenSSL go through a phase of init to load the engine dynamic object. You would probably need to port large sections of this code to the init sequences of the PMD. It's not clear how or if this would fit in the PMD. This is on top of the performance issues already mentioned.





Let me know if i make sense.



Srivathsan





________________________________
From: Trahe, Fiona <fiona.trahe@intel.com<mailto:fiona.trahe@intel.com>>
Sent: Wednesday, April 26, 2017 9:52 PM
To: Aravamudan Srivathsan; dev@dpdk.org<mailto:dev@dpdk.org>
Cc: Trahe, Fiona; Doherty, Declan
Subject: RE: OpenSSL Cryptodev PMD and openssl engine

** WARNING: This mail is from an external source **


Hi Srivathsan,

> -----Original Message-----
> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Aravamudan
> Srivathsan
> Sent: Wednesday, April 26, 2017 8:49 AM
> To: dev@dpdk.org<mailto:dev@dpdk.org>
> Subject: [dpdk-dev] OpenSSL Cryptodev PMD and openssl engine
>
> Hi All,
>
> We have a openssl engine available. Is it possible to use the openssl Crypto
> PMD to do the hardware offloading? I am trying to see if i can avoid writing
> the cryptopmd also to reuse the use of the device shared between the DPDK
> and other process.
>
> Thank you
> Srivathsan

It might be possible to plug your openssl engine in below the openssl PMD,
but you would lose the advantage of offloading bursts to the hardware and
would add an extra translation layer on the data path so it
would likely not be a performant solution.
Can you clarify a little how you want to share the device? i.e.
is the other process using the device directly with openssl and is the DPDK process
for IPSec or is this also for ssl?