[PATCH v4 2/5] crypto/openssl: only init 3DES-CTR key + impl once
Ji, Kai
kai.ji at intel.com
Mon Jul 1 14:55:25 CEST 2024
Acked-by: Kai Ji <kai.ji at intel.com>
________________________________
From: Jack Bond-Preston <jack.bond-preston at foss.arm.com>
Sent: 07 June 2024 13:47
To: Ji, Kai <kai.ji at intel.com>
Cc: dev at dpdk.org <dev at dpdk.org>; Wathsala Vithanage <wathsala.vithanage at arm.com>
Subject: [PATCH v4 2/5] crypto/openssl: only init 3DES-CTR key + impl once
Currently the 3DES-CTR cipher context is initialised for every buffer,
setting the cipher implementation and key - even though for every
buffer in the session these values will be the same.
Change to initialising the cipher context once, before any buffers are
processed, instead.
Throughput performance uplift measurements for 3DES-CTR encrypt on
Ampere Altra Max platform:
1 worker lcore
| buffer sz (B) | prev (Gbps) | optimised (Gbps) | uplift |
|-----------------+---------------+--------------------+----------|
| 64 | 0.16 | 0.21 | 35.3% |
| 256 | 0.20 | 0.22 | 9.4% |
| 1024 | 0.22 | 0.23 | 2.3% |
| 2048 | 0.22 | 0.23 | 0.9% |
| 4096 | 0.22 | 0.23 | 0.9% |
8 worker lcores
| buffer sz (B) | prev (Gbps) | optimised (Gbps) | uplift |
|-----------------+---------------+--------------------+----------|
| 64 | 1.01 | 1.34 | 32.9% |
| 256 | 1.51 | 1.66 | 9.9% |
| 1024 | 1.72 | 1.77 | 2.6% |
| 2048 | 1.76 | 1.78 | 1.1% |
| 4096 | 1.79 | 1.80 | 0.6% |
Signed-off-by: Jack Bond-Preston <jack.bond-preston at foss.arm.com>
Reviewed-by: Wathsala Vithanage <wathsala.vithanage at arm.com>
---
drivers/crypto/openssl/rte_openssl_pmd.c | 21 +++++++++++----------
1 file changed, 11 insertions(+), 10 deletions(-)
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 3f7f4d8c37..70f2069985 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -553,6 +553,15 @@ openssl_set_session_cipher_parameters(struct openssl_session *sess,
sess->cipher.key.length,
sess->cipher.key.data) != 0)
return -EINVAL;
+
+
+ /* We use 3DES encryption also for decryption.
+ * IV is not important for 3DES ECB.
+ */
+ if (EVP_EncryptInit_ex(sess->cipher.ctx, EVP_des_ede3_ecb(),
+ NULL, sess->cipher.key.data, NULL) != 1)
+ return -EINVAL;
+
break;
case RTE_CRYPTO_CIPHER_DES_CBC:
@@ -1172,8 +1181,7 @@ process_openssl_cipher_decrypt(struct rte_mbuf *mbuf_src, uint8_t *dst,
/** Process cipher des 3 ctr encryption, decryption algorithm */
static int
process_openssl_cipher_des3ctr(struct rte_mbuf *mbuf_src, uint8_t *dst,
- int offset, uint8_t *iv, uint8_t *key, int srclen,
- EVP_CIPHER_CTX *ctx)
+ int offset, uint8_t *iv, int srclen, EVP_CIPHER_CTX *ctx)
{
uint8_t ebuf[8], ctr[8];
int unused, n;
@@ -1191,12 +1199,6 @@ process_openssl_cipher_des3ctr(struct rte_mbuf *mbuf_src, uint8_t *dst,
src = rte_pktmbuf_mtod_offset(m, uint8_t *, offset);
l = rte_pktmbuf_data_len(m) - offset;
- /* We use 3DES encryption also for decryption.
- * IV is not important for 3DES ecb
- */
- if (EVP_EncryptInit_ex(ctx, EVP_des_ede3_ecb(), NULL, key, NULL) <= 0)
- goto process_cipher_des3ctr_err;
-
memcpy(ctr, iv, 8);
for (n = 0; n < srclen; n++) {
@@ -1740,8 +1742,7 @@ process_openssl_cipher_op
srclen, ctx_copy, inplace);
else
status = process_openssl_cipher_des3ctr(mbuf_src, dst,
- op->sym->cipher.data.offset, iv,
- sess->cipher.key.data, srclen,
+ op->sym->cipher.data.offset, iv, srclen,
ctx_copy);
EVP_CIPHER_CTX_free(ctx_copy);
--
2.34.1
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mails.dpdk.org/archives/dev/attachments/20240701/a270f5ec/attachment.htm>
More information about the dev
mailing list