[dpdk-dev] [RFC PATCH 0/9] security: add software synchronous crypto process
Fan Zhang
roy.fan.zhang at intel.com
Tue Sep 3 17:40:37 CEST 2019
This RFC patch adds a way to rte_security to process symmetric crypto
workload in bulk synchronously for SW crypto devices.
Originally both SW and HW crypto PMDs works under rte_cryptodev to
process the crypto workload asynchronously. This way provides uniformity
to both PMD types but also introduce unnecessary performance penalty to
SW PMDs such as extra SW ring enqueue/dequeue steps to "simulate"
asynchronous working manner and unnecessary HW addresses computation.
We introduce a new way for SW crypto devices that perform crypto operation
synchronously with only fields required for the computation as input. The
proof-of-concept AESNI-GCM and AESNI-MB SW PMDs are updated with the
support of this new method. To demonstrate the performance gain with
this method 2 simple performance evaluation apps under unit-test are added
"app/test: security_aesni_gcm_perftest/security_aesni_mb_perftest". The
users can freely compare their results against crypto perf application
results.
Fan Zhang (9):
security: introduce CPU Crypto action type and API
crypto/aesni_gcm: add rte_security handler
app/test: add security cpu crypto autotest
app/test: add security cpu crypto perftest
crypto/aesni_mb: add rte_security handler
app/test: add aesni_mb security cpu crypto autotest
app/test: add aesni_mb security cpu crypto perftest
ipsec: add rte_security cpu_crypto action support
examples/ipsec-secgw: add security cpu_crypto action support
app/test/Makefile | 1 +
app/test/meson.build | 1 +
app/test/test_security_cpu_crypto.c | 1326 ++++++++++++++++++++
drivers/crypto/aesni_gcm/aesni_gcm_pmd.c | 91 +-
drivers/crypto/aesni_gcm/aesni_gcm_pmd_ops.c | 95 ++
drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h | 23 +
drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 291 ++++-
drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 91 +-
drivers/crypto/aesni_mb/rte_aesni_mb_pmd_private.h | 21 +-
examples/ipsec-secgw/ipsec.c | 22 +
examples/ipsec-secgw/ipsec_process.c | 4 +-
examples/ipsec-secgw/sa.c | 13 +-
examples/ipsec-secgw/test/run_test.sh | 10 +
.../test/trs_3descbc_sha1_cpu_crypto_defs.sh | 5 +
.../test/trs_aescbc_sha1_cpu_crypto_defs.sh | 5 +
.../test/trs_aesctr_sha1_cpu_crypto_defs.sh | 5 +
.../ipsec-secgw/test/trs_aesgcm_cpu_crypto_defs.sh | 5 +
.../test/trs_aesgcm_mb_cpu_crypto_defs.sh | 7 +
.../test/tun_3descbc_sha1_cpu_crypto_defs.sh | 5 +
.../test/tun_aescbc_sha1_cpu_crypto_defs.sh | 5 +
.../test/tun_aesctr_sha1_cpu_crypto_defs.sh | 5 +
.../ipsec-secgw/test/tun_aesgcm_cpu_crypto_defs.sh | 5 +
.../test/tun_aesgcm_mb_cpu_crypto_defs.sh | 7 +
lib/librte_ipsec/esp_inb.c | 174 ++-
lib/librte_ipsec/esp_outb.c | 290 ++++-
lib/librte_ipsec/sa.c | 53 +-
lib/librte_ipsec/sa.h | 29 +
lib/librte_ipsec/ses.c | 4 +-
lib/librte_security/rte_security.c | 16 +
lib/librte_security/rte_security.h | 51 +-
lib/librte_security/rte_security_driver.h | 19 +
lib/librte_security/rte_security_version.map | 1 +
32 files changed, 2658 insertions(+), 22 deletions(-)
create mode 100644 app/test/test_security_cpu_crypto.c
create mode 100644 examples/ipsec-secgw/test/trs_3descbc_sha1_cpu_crypto_defs.sh
create mode 100644 examples/ipsec-secgw/test/trs_aescbc_sha1_cpu_crypto_defs.sh
create mode 100644 examples/ipsec-secgw/test/trs_aesctr_sha1_cpu_crypto_defs.sh
create mode 100644 examples/ipsec-secgw/test/trs_aesgcm_cpu_crypto_defs.sh
create mode 100644 examples/ipsec-secgw/test/trs_aesgcm_mb_cpu_crypto_defs.sh
create mode 100644 examples/ipsec-secgw/test/tun_3descbc_sha1_cpu_crypto_defs.sh
create mode 100644 examples/ipsec-secgw/test/tun_aescbc_sha1_cpu_crypto_defs.sh
create mode 100644 examples/ipsec-secgw/test/tun_aesctr_sha1_cpu_crypto_defs.sh
create mode 100644 examples/ipsec-secgw/test/tun_aesgcm_cpu_crypto_defs.sh
create mode 100644 examples/ipsec-secgw/test/tun_aesgcm_mb_cpu_crypto_defs.sh
--
2.14.5
More information about the dev
mailing list