From patchwork Tue Sep 3 15:40:37 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Fan Zhang X-Patchwork-Id: 58526 Return-Path: X-Original-To: patchwork@dpdk.org Delivered-To: patchwork@dpdk.org Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 0D7181BEC5; Tue, 3 Sep 2019 17:41:18 +0200 (CEST) Received: from mga03.intel.com (mga03.intel.com [134.134.136.65]) by dpdk.org (Postfix) with ESMTP id EC14F1BEC3 for ; Tue, 3 Sep 2019 17:41:15 +0200 (CEST) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by orsmga103.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 03 Sep 2019 08:41:14 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.64,463,1559545200"; d="scan'208";a="212032466" Received: from silpixa00398673.ir.intel.com (HELO silpixa00398673.ger.corp.intel.com) ([10.237.223.136]) by fmsmga002.fm.intel.com with ESMTP; 03 Sep 2019 08:41:12 -0700 From: Fan Zhang To: dev@dpdk.org Cc: akhil.goyal@nxp.com, konstantin.ananyev@intel.com, declan.doherty@intel.com, pablo.de.lara.guarch@intel.com, Fan Zhang Date: Tue, 3 Sep 2019 16:40:37 +0100 Message-Id: <20190903154046.55992-1-roy.fan.zhang@intel.com> X-Mailer: git-send-email 2.14.5 Subject: [dpdk-dev] [RFC PATCH 0/9] security: add software synchronous crypto process X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" This RFC patch adds a way to rte_security to process symmetric crypto workload in bulk synchronously for SW crypto devices. Originally both SW and HW crypto PMDs works under rte_cryptodev to process the crypto workload asynchronously. This way provides uniformity to both PMD types but also introduce unnecessary performance penalty to SW PMDs such as extra SW ring enqueue/dequeue steps to "simulate" asynchronous working manner and unnecessary HW addresses computation. We introduce a new way for SW crypto devices that perform crypto operation synchronously with only fields required for the computation as input. The proof-of-concept AESNI-GCM and AESNI-MB SW PMDs are updated with the support of this new method. To demonstrate the performance gain with this method 2 simple performance evaluation apps under unit-test are added "app/test: security_aesni_gcm_perftest/security_aesni_mb_perftest". The users can freely compare their results against crypto perf application results. Fan Zhang (9): security: introduce CPU Crypto action type and API crypto/aesni_gcm: add rte_security handler app/test: add security cpu crypto autotest app/test: add security cpu crypto perftest crypto/aesni_mb: add rte_security handler app/test: add aesni_mb security cpu crypto autotest app/test: add aesni_mb security cpu crypto perftest ipsec: add rte_security cpu_crypto action support examples/ipsec-secgw: add security cpu_crypto action support app/test/Makefile | 1 + app/test/meson.build | 1 + app/test/test_security_cpu_crypto.c | 1326 ++++++++++++++++++++ drivers/crypto/aesni_gcm/aesni_gcm_pmd.c | 91 +- drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c | 95 ++ drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h | 23 + drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 291 ++++- drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 91 +- drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h | 21 +- examples/ipsec-secgw/ipsec.c | 22 + examples/ipsec-secgw/ipsec_process.c | 4 +- examples/ipsec-secgw/sa.c | 13 +- examples/ipsec-secgw/test/run_test.sh | 10 + .../test/trs_3descbc_sha1_cpu_crypto_defs.sh | 5 + .../test/trs_aescbc_sha1_cpu_crypto_defs.sh | 5 + .../test/trs_aesctr_sha1_cpu_crypto_defs.sh | 5 + .../ipsec-secgw/test/trs_aesgcm_cpu_crypto_defs.sh | 5 + .../test/trs_aesgcm_mb_cpu_crypto_defs.sh | 7 + .../test/tun_3descbc_sha1_cpu_crypto_defs.sh | 5 + .../test/tun_aescbc_sha1_cpu_crypto_defs.sh | 5 + .../test/tun_aesctr_sha1_cpu_crypto_defs.sh | 5 + .../ipsec-secgw/test/tun_aesgcm_cpu_crypto_defs.sh | 5 + .../test/tun_aesgcm_mb_cpu_crypto_defs.sh | 7 + lib/librte_ipsec/esp_inb.c | 174 ++- lib/librte_ipsec/esp_outb.c | 290 ++++- lib/librte_ipsec/sa.c | 53 +- lib/librte_ipsec/sa.h | 29 + lib/librte_ipsec/ses.c | 4 +- lib/librte_security/rte_security.c | 16 + lib/librte_security/rte_security.h | 51 +- lib/librte_security/rte_security_driver.h | 19 + lib/librte_security/rte_security_version.map | 1 + 32 files changed, 2658 insertions(+), 22 deletions(-) create mode 100644 app/test/test_security_cpu_crypto.c create mode 100644 examples/ipsec-secgw/test/trs_3descbc_sha1_cpu_crypto_defs.sh create mode 100644 examples/ipsec-secgw/test/trs_aescbc_sha1_cpu_crypto_defs.sh create mode 100644 examples/ipsec-secgw/test/trs_aesctr_sha1_cpu_crypto_defs.sh create mode 100644 examples/ipsec-secgw/test/trs_aesgcm_cpu_crypto_defs.sh create mode 100644 examples/ipsec-secgw/test/trs_aesgcm_mb_cpu_crypto_defs.sh create mode 100644 examples/ipsec-secgw/test/tun_3descbc_sha1_cpu_crypto_defs.sh create mode 100644 examples/ipsec-secgw/test/tun_aescbc_sha1_cpu_crypto_defs.sh create mode 100644 examples/ipsec-secgw/test/tun_aesctr_sha1_cpu_crypto_defs.sh create mode 100644 examples/ipsec-secgw/test/tun_aesgcm_cpu_crypto_defs.sh create mode 100644 examples/ipsec-secgw/test/tun_aesgcm_mb_cpu_crypto_defs.sh