All of lore.kernel.org
 help / color / mirror / Atom feed
From: Hemant Agrawal <hemant.agrawal@oss.nxp.com>
To: Akhil Goyal <gakhil@marvell.com>, dev@dpdk.org
Cc: thomas@monjalon.net, david.marchand@redhat.com,
	hemant.agrawal@nxp.com, anoobj@marvell.com,
	pablo.de.lara.guarch@intel.com, fiona.trahe@intel.com,
	declan.doherty@intel.com, matan@nvidia.com, g.singh@nxp.com,
	roy.fan.zhang@intel.com, jianjay.zhou@huawei.com,
	asomalap@amd.com, ruifeng.wang@arm.com,
	konstantin.ananyev@intel.com, radu.nicolau@intel.com,
	ajit.khaparde@broadcom.com, rnagadheeraj@marvell.com,
	adwivedi@marvell.com, ciara.power@intel.com
Subject: Re: [dpdk-dev] [PATCH v2] test/crypto-perf: support lookaside IPsec
Date: Wed, 20 Oct 2021 18:40:52 +0530	[thread overview]
Message-ID: <43bb7b32-ab2b-3482-25b5-cca5e501dbb6@oss.nxp.com> (raw)
In-Reply-To: <20211008201546.3496585-1-gakhil@marvell.com>

Acked-by:  Hemant Agrawal <hemant.agrawal@nxp.com>

On 10/9/2021 1:45 AM, Akhil Goyal wrote:
> Added support for lookaside IPsec protocol offload.
> Supported cases:
> -AEAD
> -Cipher+auth
>
> Command used for testing:
> ./dpdk-test-crypto-perf -c 0xf -- --devtype crypto_octeontx2 --ptest
> throughput --optype ipsec --cipher-algo aes-cbc --pool-sz 16384
> --cipher-op encrypt --cipher-key-sz 16 --cipher-iv-sz 16 --auth-algo
> sha1-hmac --auth-op generate --digest-sz 16 --total-ops 10000000
> --burst-sz 32 --buffer-sz 64,128,256,512,1024,1280,2048
>
> ./dpdk-test-crypto-perf -c 0xf -- --devtype crypto_octeontx2 --ptest
> throughput --optype ipsec --aead-algo aes-gcm --pool-sz 16384
> --aead-op encrypt --aead-key-sz 32 --aead-iv-sz 12 --aead-aad-sz 16
> --digest-sz 16 --total-ops 10000000 --burst-sz 32
> --buffer-sz 64,128,256,512,1024,1280,2048
>
> Signed-off-by: Akhil Goyal <gakhil@marvell.com>
> ---
> v2: added release notes.
>
>   app/test-crypto-perf/cperf_ops.c             | 179 ++++++++++++++++---
>   app/test-crypto-perf/cperf_options.h         |   1 +
>   app/test-crypto-perf/cperf_options_parsing.c |   4 +
>   app/test-crypto-perf/cperf_test_throughput.c |   3 +-
>   app/test-crypto-perf/cperf_test_vectors.c    |   6 +-
>   app/test-crypto-perf/main.c                  |   3 +-
>   doc/guides/rel_notes/release_21_11.rst       |   1 +
>   7 files changed, 166 insertions(+), 31 deletions(-)
>
> diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c
> index 4b7d66edb2..b2073f0738 100644
> --- a/app/test-crypto-perf/cperf_ops.c
> +++ b/app/test-crypto-perf/cperf_ops.c
> @@ -62,7 +62,13 @@ cperf_set_ops_security(struct rte_crypto_op **ops,
>   		sym_op->m_src = (struct rte_mbuf *)((uint8_t *)ops[i] +
>   							src_buf_offset);
>   
> -		if (options->op_type == CPERF_PDCP) {
> +		if (options->op_type == CPERF_PDCP ||
> +				options->op_type == CPERF_IPSEC) {
> +			/* In case of IPsec, headroom is consumed by PMD,
> +			 * hence resetting it.
> +			 */
> +			sym_op->m_src->data_off = options->headroom_sz;
> +
>   			sym_op->m_src->buf_len = options->segment_sz;
>   			sym_op->m_src->data_len = options->test_buffer_size;
>   			sym_op->m_src->pkt_len = sym_op->m_src->data_len;
> @@ -565,6 +571,123 @@ cperf_set_ops_aead(struct rte_crypto_op **ops,
>   	return 0;
>   }
>   
> +static struct rte_cryptodev_sym_session *
> +create_ipsec_session(struct rte_mempool *sess_mp,
> +		struct rte_mempool *priv_mp,
> +		uint8_t dev_id,
> +		const struct cperf_options *options,
> +		const struct cperf_test_vector *test_vector,
> +		uint16_t iv_offset)
> +{
> +	struct rte_crypto_sym_xform xform = {0};
> +	struct rte_crypto_sym_xform auth_xform = {0};
> +
> +	if (options->aead_algo != 0) {
> +		/* Setup AEAD Parameters */
> +		xform.type = RTE_CRYPTO_SYM_XFORM_AEAD;
> +		xform.next = NULL;
> +		xform.aead.algo = options->aead_algo;
> +		xform.aead.op = options->aead_op;
> +		xform.aead.iv.offset = iv_offset;
> +		xform.aead.key.data = test_vector->aead_key.data;
> +		xform.aead.key.length = test_vector->aead_key.length;
> +		xform.aead.iv.length = test_vector->aead_iv.length;
> +		xform.aead.digest_length = options->digest_sz;
> +		xform.aead.aad_length = options->aead_aad_sz;
> +	} else if (options->cipher_algo != 0 && options->auth_algo != 0) {
> +		/* Setup Cipher Parameters */
> +		xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
> +		xform.next = NULL;
> +		xform.cipher.algo = options->cipher_algo;
> +		xform.cipher.op = options->cipher_op;
> +		xform.cipher.iv.offset = iv_offset;
> +		xform.cipher.iv.length = test_vector->cipher_iv.length;
> +		/* cipher different than null */
> +		if (options->cipher_algo != RTE_CRYPTO_CIPHER_NULL) {
> +			xform.cipher.key.data = test_vector->cipher_key.data;
> +			xform.cipher.key.length =
> +				test_vector->cipher_key.length;
> +		} else {
> +			xform.cipher.key.data = NULL;
> +			xform.cipher.key.length = 0;
> +		}
> +
> +		/* Setup Auth Parameters */
> +		auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
> +		auth_xform.next = NULL;
> +		auth_xform.auth.algo = options->auth_algo;
> +		auth_xform.auth.op = options->auth_op;
> +		auth_xform.auth.iv.offset = iv_offset +
> +				xform.cipher.iv.length;
> +		/* auth different than null */
> +		if (options->auth_algo != RTE_CRYPTO_AUTH_NULL) {
> +			auth_xform.auth.digest_length = options->digest_sz;
> +			auth_xform.auth.key.length =
> +						test_vector->auth_key.length;
> +			auth_xform.auth.key.data = test_vector->auth_key.data;
> +			auth_xform.auth.iv.length = test_vector->auth_iv.length;
> +		} else {
> +			auth_xform.auth.digest_length = 0;
> +			auth_xform.auth.key.length = 0;
> +			auth_xform.auth.key.data = NULL;
> +			auth_xform.auth.iv.length = 0;
> +		}
> +
> +		xform.next = &auth_xform;
> +	} else {
> +		return NULL;
> +	}
> +
> +#define CPERF_IPSEC_SRC_IP	0x01010101
> +#define CPERF_IPSEC_DST_IP	0x02020202
> +#define CPERF_IPSEC_SALT	0x0
> +#define CPERF_IPSEC_DEFTTL	64
> +	struct rte_security_ipsec_tunnel_param tunnel = {
> +		.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4,
> +		{.ipv4 = {
> +			.src_ip = { .s_addr = CPERF_IPSEC_SRC_IP},
> +			.dst_ip = { .s_addr = CPERF_IPSEC_DST_IP},
> +			.dscp = 0,
> +			.df = 0,
> +			.ttl = CPERF_IPSEC_DEFTTL,
> +		} },
> +	};
> +	struct rte_security_session_conf sess_conf = {
> +		.action_type = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
> +		.protocol = RTE_SECURITY_PROTOCOL_IPSEC,
> +		{.ipsec = {
> +			.spi = rte_lcore_id(),
> +			/**< For testing sake, lcore_id is taken as SPI so that
> +			 * for every core a different session is created.
> +			 */
> +			.salt = CPERF_IPSEC_SALT,
> +			.options = { 0 },
> +			.replay_win_sz = 0,
> +			.direction =
> +				((options->cipher_op ==
> +					RTE_CRYPTO_CIPHER_OP_ENCRYPT) &&
> +				(options->auth_op ==
> +					RTE_CRYPTO_AUTH_OP_GENERATE)) ||
> +				(options->aead_op ==
> +					RTE_CRYPTO_AEAD_OP_ENCRYPT) ?
> +				RTE_SECURITY_IPSEC_SA_DIR_EGRESS :
> +				RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
> +			.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
> +			.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
> +			.tunnel = tunnel,
> +		} },
> +		.userdata = NULL,
> +		.crypto_xform = &xform
> +	};
> +
> +	struct rte_security_ctx *ctx = (struct rte_security_ctx *)
> +				rte_cryptodev_get_sec_ctx(dev_id);
> +
> +	/* Create security session */
> +	return (void *)rte_security_session_create(ctx,
> +				&sess_conf, sess_mp, priv_mp);
> +}
> +
>   static struct rte_cryptodev_sym_session *
>   cperf_create_session(struct rte_mempool *sess_mp,
>   	struct rte_mempool *priv_mp,
> @@ -675,6 +798,12 @@ cperf_create_session(struct rte_mempool *sess_mp,
>   		return (void *)rte_security_session_create(ctx,
>   					&sess_conf, sess_mp, priv_mp);
>   	}
> +
> +	if (options->op_type == CPERF_IPSEC) {
> +		return create_ipsec_session(sess_mp, priv_mp, dev_id,
> +				options, test_vector, iv_offset);
> +	}
> +
>   	if (options->op_type == CPERF_DOCSIS) {
>   		enum rte_security_docsis_direction direction;
>   
> @@ -872,44 +1001,40 @@ cperf_get_op_functions(const struct cperf_options *options,
>   
>   	op_fns->sess_create = cperf_create_session;
>   
> -	if (options->op_type == CPERF_ASYM_MODEX) {
> -		op_fns->populate_ops = cperf_set_ops_asym;
> -		return 0;
> -	}
> -
> -	if (options->op_type == CPERF_AEAD) {
> +	switch (options->op_type) {
> +	case CPERF_AEAD:
>   		op_fns->populate_ops = cperf_set_ops_aead;
> -		return 0;
> -	}
> +		break;
>   
> -	if (options->op_type == CPERF_AUTH_THEN_CIPHER
> -			|| options->op_type == CPERF_CIPHER_THEN_AUTH) {
> +	case CPERF_AUTH_THEN_CIPHER:
> +	case CPERF_CIPHER_THEN_AUTH:
>   		op_fns->populate_ops = cperf_set_ops_cipher_auth;
> -		return 0;
> -	}
> -	if (options->op_type == CPERF_AUTH_ONLY) {
> +		break;
> +	case CPERF_AUTH_ONLY:
>   		if (options->auth_algo == RTE_CRYPTO_AUTH_NULL)
>   			op_fns->populate_ops = cperf_set_ops_null_auth;
>   		else
>   			op_fns->populate_ops = cperf_set_ops_auth;
> -		return 0;
> -	}
> -	if (options->op_type == CPERF_CIPHER_ONLY) {
> +		break;
> +	case CPERF_CIPHER_ONLY:
>   		if (options->cipher_algo == RTE_CRYPTO_CIPHER_NULL)
>   			op_fns->populate_ops = cperf_set_ops_null_cipher;
>   		else
>   			op_fns->populate_ops = cperf_set_ops_cipher;
> -		return 0;
> -	}
> +		break;
> +	case CPERF_ASYM_MODEX:
> +		op_fns->populate_ops = cperf_set_ops_asym;
> +		break;
>   #ifdef RTE_LIB_SECURITY
> -	if (options->op_type == CPERF_PDCP) {
> +	case CPERF_PDCP:
> +	case CPERF_IPSEC:
> +	case CPERF_DOCSIS:
>   		op_fns->populate_ops = cperf_set_ops_security;
> -		return 0;
> -	}
> -	if (options->op_type == CPERF_DOCSIS) {
> -		op_fns->populate_ops = cperf_set_ops_security;
> -		return 0;
> -	}
> +		break;
>   #endif
> -	return -1;
> +	default:
> +		return -1;
> +	}
> +
> +	return 0;
>   }
> diff --git a/app/test-crypto-perf/cperf_options.h b/app/test-crypto-perf/cperf_options.h
> index f5ea2b90a5..031b238b20 100644
> --- a/app/test-crypto-perf/cperf_options.h
> +++ b/app/test-crypto-perf/cperf_options.h
> @@ -80,6 +80,7 @@ enum cperf_op_type {
>   	CPERF_AEAD,
>   	CPERF_PDCP,
>   	CPERF_DOCSIS,
> +	CPERF_IPSEC,
>   	CPERF_ASYM_MODEX
>   };
>   
> diff --git a/app/test-crypto-perf/cperf_options_parsing.c b/app/test-crypto-perf/cperf_options_parsing.c
> index 2a7acb0111..c244f81bbf 100644
> --- a/app/test-crypto-perf/cperf_options_parsing.c
> +++ b/app/test-crypto-perf/cperf_options_parsing.c
> @@ -458,6 +458,10 @@ parse_op_type(struct cperf_options *opts, const char *arg)
>   			cperf_op_type_strs[CPERF_DOCSIS],
>   			CPERF_DOCSIS
>   		},
> +		{
> +			cperf_op_type_strs[CPERF_IPSEC],
> +			CPERF_IPSEC
> +		},
>   		{
>   			cperf_op_type_strs[CPERF_ASYM_MODEX],
>   			CPERF_ASYM_MODEX
> diff --git a/app/test-crypto-perf/cperf_test_throughput.c b/app/test-crypto-perf/cperf_test_throughput.c
> index 76fcda47ff..ca65c3c883 100644
> --- a/app/test-crypto-perf/cperf_test_throughput.c
> +++ b/app/test-crypto-perf/cperf_test_throughput.c
> @@ -42,7 +42,8 @@ cperf_throughput_test_free(struct cperf_throughput_ctx *ctx)
>   		}
>   #ifdef RTE_LIB_SECURITY
>   		else if (ctx->options->op_type == CPERF_PDCP ||
> -			 ctx->options->op_type == CPERF_DOCSIS) {
> +			 ctx->options->op_type == CPERF_DOCSIS ||
> +			 ctx->options->op_type == CPERF_IPSEC) {
>   			struct rte_security_ctx *sec_ctx =
>   				(struct rte_security_ctx *)
>   					rte_cryptodev_get_sec_ctx(ctx->dev_id);
> diff --git a/app/test-crypto-perf/cperf_test_vectors.c b/app/test-crypto-perf/cperf_test_vectors.c
> index 4bba405961..e944583089 100644
> --- a/app/test-crypto-perf/cperf_test_vectors.c
> +++ b/app/test-crypto-perf/cperf_test_vectors.c
> @@ -448,7 +448,8 @@ cperf_test_vector_get_dummy(struct cperf_options *options)
>   		t_vec->modex.elen = sizeof(perf_mod_e);
>   	}
>   
> -	if (options->op_type ==	CPERF_PDCP) {
> +	if (options->op_type ==	CPERF_PDCP ||
> +			options->op_type == CPERF_IPSEC) {
>   		if (options->cipher_algo == RTE_CRYPTO_CIPHER_NULL) {
>   			t_vec->cipher_key.length = 0;
>   			t_vec->ciphertext.data = plaintext;
> @@ -579,7 +580,8 @@ cperf_test_vector_get_dummy(struct cperf_options *options)
>   		t_vec->auth_iv.length = options->auth_iv_sz;
>   	}
>   
> -	if (options->op_type == CPERF_AEAD) {
> +	if (options->op_type == CPERF_AEAD ||
> +			options->op_type == CPERF_IPSEC) {
>   		t_vec->aead_key.length = options->aead_key_sz;
>   		t_vec->aead_key.data = aead_key;
>   
> diff --git a/app/test-crypto-perf/main.c b/app/test-crypto-perf/main.c
> index 390380898e..6fdb92fb7c 100644
> --- a/app/test-crypto-perf/main.c
> +++ b/app/test-crypto-perf/main.c
> @@ -41,6 +41,7 @@ const char *cperf_op_type_strs[] = {
>   	[CPERF_AEAD] = "aead",
>   	[CPERF_PDCP] = "pdcp",
>   	[CPERF_DOCSIS] = "docsis",
> +	[CPERF_IPSEC] = "ipsec",
>   	[CPERF_ASYM_MODEX] = "modex"
>   };
>   
> @@ -278,9 +279,9 @@ cperf_initialize_cryptodev(struct cperf_options *opts, uint8_t *enabled_cdevs)
>   			/* Fall through */
>   		case CPERF_PDCP:
>   		case CPERF_DOCSIS:
> +		case CPERF_IPSEC:
>   			/* Fall through */
>   		default:
> -
>   			conf.ff_disable |= RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO;
>   		}
>   
> diff --git a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_notes/release_21_11.rst
> index dfaf7bdf38..84266aba7c 100644
> --- a/doc/guides/rel_notes/release_21_11.rst
> +++ b/doc/guides/rel_notes/release_21_11.rst
> @@ -134,6 +134,7 @@ New Features
>   
>     * Added support for asymmetric crypto throughput performance measurement.
>       Only modex is supported for now.
> +  * Added support for lookaside IPsec protocol offload throughput measurement.
>   
>   * **Added lookaside protocol (IPsec) tests in dpdk-test.**
>   

      reply	other threads:[~2021-10-20 13:11 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-08-17 17:48 [dpdk-dev] [PATCH] test/crypto-perf: support lookaside IPsec Akhil Goyal
2021-10-08 20:15 ` [dpdk-dev] [PATCH v2] " Akhil Goyal
2021-10-20 13:10   ` Hemant Agrawal [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=43bb7b32-ab2b-3482-25b5-cca5e501dbb6@oss.nxp.com \
    --to=hemant.agrawal@oss.nxp.com \
    --cc=adwivedi@marvell.com \
    --cc=ajit.khaparde@broadcom.com \
    --cc=anoobj@marvell.com \
    --cc=asomalap@amd.com \
    --cc=ciara.power@intel.com \
    --cc=david.marchand@redhat.com \
    --cc=declan.doherty@intel.com \
    --cc=dev@dpdk.org \
    --cc=fiona.trahe@intel.com \
    --cc=g.singh@nxp.com \
    --cc=gakhil@marvell.com \
    --cc=hemant.agrawal@nxp.com \
    --cc=jianjay.zhou@huawei.com \
    --cc=konstantin.ananyev@intel.com \
    --cc=matan@nvidia.com \
    --cc=pablo.de.lara.guarch@intel.com \
    --cc=radu.nicolau@intel.com \
    --cc=rnagadheeraj@marvell.com \
    --cc=roy.fan.zhang@intel.com \
    --cc=ruifeng.wang@arm.com \
    --cc=thomas@monjalon.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.