From: Jack Bond-Preston <jack.bond-preston@foss.arm.com>
To: Kai Ji <kai.ji@intel.com>
Cc: dev@dpdk.org, Wathsala Vithanage <wathsala.vithanage@arm.com>
Subject: [PATCH v2 2/5] crypto/openssl: only init 3DES-CTR key + impl once
Date: Mon, 3 Jun 2024 18:43:45 +0000 [thread overview]
Message-ID: <20240603184348.1310331-3-jack.bond-preston@foss.arm.com> (raw)
In-Reply-To: <20240603184348.1310331-1-jack.bond-preston@foss.arm.com>
Currently the 3DES-CTR cipher context is initialised for every buffer,
setting the cipher implementation and key - even though for every
buffer in the session these values will be the same.
Change to initialising the cipher context once, before any buffers are
processed, instead.
Throughput performance uplift measurements for 3DES-CTR encrypt on
Ampere Altra Max platform:
1 worker lcore
| buffer sz (B) | prev (Gbps) | optimised (Gbps) | uplift |
|-----------------+---------------+--------------------+----------|
| 64 | 0.16 | 0.21 | 35.3% |
| 256 | 0.20 | 0.22 | 9.4% |
| 1024 | 0.22 | 0.23 | 2.3% |
| 2048 | 0.22 | 0.23 | 0.9% |
| 4096 | 0.22 | 0.23 | 0.9% |
8 worker lcores
| buffer sz (B) | prev (Gbps) | optimised (Gbps) | uplift |
|-----------------+---------------+--------------------+----------|
| 64 | 1.01 | 1.34 | 32.9% |
| 256 | 1.51 | 1.66 | 9.9% |
| 1024 | 1.72 | 1.77 | 2.6% |
| 2048 | 1.76 | 1.78 | 1.1% |
| 4096 | 1.79 | 1.80 | 0.6% |
Signed-off-by: Jack Bond-Preston <jack.bond-preston@foss.arm.com>
Reviewed-by: Wathsala Vithanage <wathsala.vithanage@arm.com>
---
drivers/crypto/openssl/rte_openssl_pmd.c | 21 +++++++++++----------
1 file changed, 11 insertions(+), 10 deletions(-)
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index ca7ed30ec4..175ffda2b9 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -521,6 +521,15 @@ openssl_set_session_cipher_parameters(struct openssl_session *sess,
sess->cipher.key.length,
sess->cipher.key.data) != 0)
return -EINVAL;
+
+
+ /* We use 3DES encryption also for decryption.
+ * IV is not important for 3DES ECB.
+ */
+ if (EVP_EncryptInit_ex(sess->cipher.ctx, EVP_des_ede3_ecb(),
+ NULL, sess->cipher.key.data, NULL) != 1)
+ return -EINVAL;
+
break;
case RTE_CRYPTO_CIPHER_DES_CBC:
@@ -1136,8 +1145,7 @@ process_openssl_cipher_decrypt(struct rte_mbuf *mbuf_src, uint8_t *dst,
/** Process cipher des 3 ctr encryption, decryption algorithm */
static int
process_openssl_cipher_des3ctr(struct rte_mbuf *mbuf_src, uint8_t *dst,
- int offset, uint8_t *iv, uint8_t *key, int srclen,
- EVP_CIPHER_CTX *ctx)
+ int offset, uint8_t *iv, int srclen, EVP_CIPHER_CTX *ctx)
{
uint8_t ebuf[8], ctr[8];
int unused, n;
@@ -1155,12 +1163,6 @@ process_openssl_cipher_des3ctr(struct rte_mbuf *mbuf_src, uint8_t *dst,
src = rte_pktmbuf_mtod_offset(m, uint8_t *, offset);
l = rte_pktmbuf_data_len(m) - offset;
- /* We use 3DES encryption also for decryption.
- * IV is not important for 3DES ecb
- */
- if (EVP_EncryptInit_ex(ctx, EVP_des_ede3_ecb(), NULL, key, NULL) <= 0)
- goto process_cipher_des3ctr_err;
-
memcpy(ctr, iv, 8);
for (n = 0; n < srclen; n++) {
@@ -1701,8 +1703,7 @@ process_openssl_cipher_op
srclen, ctx_copy, inplace);
else
status = process_openssl_cipher_des3ctr(mbuf_src, dst,
- op->sym->cipher.data.offset, iv,
- sess->cipher.key.data, srclen,
+ op->sym->cipher.data.offset, iv, srclen,
ctx_copy);
EVP_CIPHER_CTX_free(ctx_copy);
--
2.34.1
next prev parent reply other threads:[~2024-06-03 19:21 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-06-03 16:01 [PATCH 0/5] OpenSSL PMD Optimisations Jack Bond-Preston
2024-06-03 16:01 ` [PATCH 1/5] crypto/openssl: fix GCM and CCM thread unsafe ctxs Jack Bond-Preston
2024-06-03 16:12 ` Jack Bond-Preston
2024-06-03 16:01 ` [PATCH 2/5] crypto/openssl: only init 3DES-CTR key + impl once Jack Bond-Preston
2024-06-03 16:01 ` [PATCH 3/5] crypto/openssl: per-qp cipher context clones Jack Bond-Preston
2024-06-03 16:01 ` [PATCH 4/5] crypto/openssl: per-qp auth " Jack Bond-Preston
2024-06-03 16:30 ` Jack Bond-Preston
2024-06-03 16:01 ` [PATCH 5/5] crypto/openssl: only set cipher padding once Jack Bond-Preston
2024-06-03 18:43 ` [PATCH v2 0/5] OpenSSL PMD Optimisations Jack Bond-Preston
2024-06-03 18:43 ` [PATCH v2 1/5] crypto/openssl: fix GCM and CCM thread unsafe ctxs Jack Bond-Preston
2024-06-03 18:43 ` Jack Bond-Preston [this message]
2024-06-03 18:43 ` [PATCH v2 3/5] crypto/openssl: per-qp cipher context clones Jack Bond-Preston
2024-06-03 18:43 ` [PATCH v2 4/5] crypto/openssl: per-qp auth " Jack Bond-Preston
2024-06-03 18:43 ` [PATCH v2 5/5] crypto/openssl: only set cipher padding once Jack Bond-Preston
2024-06-03 18:59 ` [PATCH v2 0/5] OpenSSL PMD Optimisations Jack Bond-Preston
2024-06-03 18:59 ` [PATCH v2 1/5] crypto/openssl: fix GCM and CCM thread unsafe ctxs Jack Bond-Preston
2024-06-03 18:59 ` [PATCH v2 2/5] crypto/openssl: only init 3DES-CTR key + impl once Jack Bond-Preston
2024-06-03 18:59 ` [PATCH v2 3/5] crypto/openssl: per-qp cipher context clones Jack Bond-Preston
2024-06-03 18:59 ` [PATCH v2 4/5] crypto/openssl: per-qp auth " Jack Bond-Preston
2024-06-03 18:59 ` [PATCH v2 5/5] crypto/openssl: only set cipher padding once Jack Bond-Preston
2024-06-06 10:20 ` [PATCH v3 0/5] OpenSSL PMD Optimisations Jack Bond-Preston
2024-06-06 10:20 ` [PATCH v3 1/5] crypto/openssl: fix GCM and CCM thread unsafe ctxs Jack Bond-Preston
2024-06-06 10:44 ` [EXTERNAL] " Akhil Goyal
2024-06-06 10:20 ` [PATCH v3 2/5] crypto/openssl: only init 3DES-CTR key + impl once Jack Bond-Preston
2024-06-06 10:20 ` [PATCH v3 3/5] crypto/openssl: per-qp cipher context clones Jack Bond-Preston
2024-06-06 10:20 ` [PATCH v3 4/5] crypto/openssl: per-qp auth " Jack Bond-Preston
2024-06-06 10:20 ` [PATCH v3 5/5] crypto/openssl: only set cipher padding once Jack Bond-Preston
2024-06-07 12:47 ` [PATCH v4 0/5] OpenSSL PMD Optimisations Jack Bond-Preston
2024-06-07 12:47 ` [PATCH v4 1/5] crypto/openssl: fix GCM and CCM thread unsafe ctxs Jack Bond-Preston
2024-06-07 12:47 ` [PATCH v4 2/5] crypto/openssl: only init 3DES-CTR key + impl once Jack Bond-Preston
2024-06-07 12:47 ` [PATCH v4 3/5] crypto/openssl: per-qp cipher context clones Jack Bond-Preston
2024-06-07 12:47 ` [PATCH v4 4/5] crypto/openssl: per-qp auth " Jack Bond-Preston
2024-06-07 12:47 ` [PATCH v4 5/5] crypto/openssl: only set cipher padding once Jack Bond-Preston
2024-06-24 16:14 ` [PATCH 0/5] OpenSSL PMD Optimisations Ji, Kai
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240603184348.1310331-3-jack.bond-preston@foss.arm.com \
--to=jack.bond-preston@foss.arm.com \
--cc=dev@dpdk.org \
--cc=kai.ji@intel.com \
--cc=wathsala.vithanage@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).