[dpdk-dev] [PATCH 00/10] security: add software synchronous crypto process
aconole at redhat.com
Mon Sep 9 14:43:40 CEST 2019
Fan Zhang <roy.fan.zhang at intel.com> writes:
> This RFC patch adds a way to rte_security to process symmetric crypto
> workload in bulk synchronously for SW crypto devices.
> Originally both SW and HW crypto PMDs works under rte_cryptodev to
> process the crypto workload asynchronously. This way provides uniformity
> to both PMD types but also introduce unnecessary performance penalty to
> SW PMDs such as extra SW ring enqueue/dequeue steps to "simulate"
> asynchronous working manner and unnecessary HW addresses computation.
> We introduce a new way for SW crypto devices that perform crypto operation
> synchronously with only fields required for the computation as input.
> In rte_security, a new action type "RTE_SECURITY_ACTION_TYPE_CPU_CRYPTO"
> is introduced. This action type allows the burst of symmetric crypto
> workload using the same algorithm, key, and direction being processed by
> CPU cycles synchronously. This flexible action type does not require
> external hardware involvement.
> This patch also includes the announcement of a new API
> "rte_security_process_cpu_crypto_bulk". With this API the packet is sent to
> the crypto device for symmetric crypto processing. The device will encrypt
> or decrypt the buffer based on the session data specified and preprocessed
> in the security session. Different than the inline or lookaside modes, when
> the function exits, the user will expect the buffers are either processed
> successfully, or having the error number assigned to the appropriate index
> of the status array.
> The proof-of-concept AESNI-GCM and AESNI-MB SW PMDs are updated with the
> support of this new method. To demonstrate the performance gain with
> this method 2 simple performance evaluation apps under unit-test are added
> "app/test: security_aesni_gcm_perftest/security_aesni_mb_perftest". The
> users can freely compare their results against crypto perf application
> In the end, the ipsec library and ipsec-secgw sample application are also
> updated to support this feature. Several test scripts are added to the
> ipsec-secgw test-suite to prove the correctness of the implementation.
> Fan Zhang (10):
> security: introduce CPU Crypto action type and API
> crypto/aesni_gcm: add rte_security handler
> app/test: add security cpu crypto autotest
> app/test: add security cpu crypto perftest
> crypto/aesni_mb: add rte_security handler
> app/test: add aesni_mb security cpu crypto autotest
> app/test: add aesni_mb security cpu crypto perftest
> ipsec: add rte_security cpu_crypto action support
> examples/ipsec-secgw: add security cpu_crypto action support
> doc: update security cpu process description
This series has problem on aarch64:
../app/test/test_security_cpu_crypto.c:626:16: error: implicit declaration of function ‘rte_get_tsc_hz’ [-Werror=implicit-function-declaration]
uint64_t hz = rte_get_tsc_hz(), time_start, time_now;
../app/test/test_security_cpu_crypto.c:679:16: error: implicit declaration of function ‘rte_rdtsc’ [-Werror=implicit-function-declaration]
time_start = rte_rdtsc();
../app/test/test_security_cpu_crypto.c:711:16: error: implicit declaration of function ‘rte_get_timer_cycles’ [-Werror=implicit-function-declaration]
time_start = rte_get_timer_cycles();
I'm not sure best way to address this in the test - maybe there's a
better API to use for getting the cycles?
More information about the dev