From patchwork Tue Aug 17 17:48:49 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Akhil Goyal X-Patchwork-Id: 97014 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 5E8BAA0C4D; Tue, 17 Aug 2021 19:49:01 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 2208440E5A; Tue, 17 Aug 2021 19:49:01 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 1166D40DF5 for ; Tue, 17 Aug 2021 19:48:59 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.1.2/8.16.0.43) with SMTP id 17HEPxAE006897; Tue, 17 Aug 2021 10:48:59 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=g8w3aSGieTTIVylVgjKv0p+64rePFP63QhhrZIv0sug=; b=ZKRd0aM2aG1wPOS8ZZKlJuSIo4UJOt/ca2g+Kge1LH0QGF9Y0J/0ghXflypnZFFEBU2Q OjR8KjCcIbctAjE7ePke8suHY3P/hef13eEPH1NoPlm1Do4JtYy7+RSTg2SsYUfK+Vcg KoFCAF5pbla1PIUav03H8HiCIH4v5bSe+/iYNuDSAqcW/UWdWdQbGeYdgCG3jznopANb kpiWYCZJbAMTpIcjt6TAxpskBL2eoVXoJLSkekO8RUMQHXZtzOSDfK0HwvmGIJlTlTlu r2j1CiCgTWXpbtqFOWyE7FiWHC0z4H/bDy+mroCf/avsMpgdakMcFalBPwiVhLtwg8sy dQ== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0a-0016f401.pphosted.com with ESMTP id 3ag4n0up6d-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 17 Aug 2021 10:48:59 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Tue, 17 Aug 2021 10:48:57 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Tue, 17 Aug 2021 10:48:57 -0700 Received: from localhost.localdomain (unknown [10.28.36.185]) by maili.marvell.com (Postfix) with ESMTP id 80FB13F7098; Tue, 17 Aug 2021 10:48:53 -0700 (PDT) From: Akhil Goyal To: CC: , , , , , , , , , , Akhil Goyal Date: Tue, 17 Aug 2021 23:18:49 +0530 Message-ID: <20210817174849.1591235-1-gakhil@marvell.com> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 X-Proofpoint-GUID: JU2BjBHqO7R3dUIxo04VKhxoaH5SnNjR X-Proofpoint-ORIG-GUID: JU2BjBHqO7R3dUIxo04VKhxoaH5SnNjR X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-08-17_06,2021-08-17_02,2020-04-07_01 Subject: [dpdk-dev] [PATCH] test/crypto-perf: support lookaside IPsec X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Added support for lookaside IPsec protocol offload. Supported cases: -AEAD -Cipher+auth Command used for testing: ./dpdk-test-crypto-perf -c 0xf -- --devtype crypto_octeontx2 --ptest throughput --optype ipsec --cipher-algo aes-cbc --pool-sz 16384 --cipher-op encrypt --cipher-key-sz 16 --cipher-iv-sz 16 --auth-algo sha1-hmac --auth-op generate --digest-sz 16 --total-ops 10000000 --burst-sz 32 --buffer-sz 64,128,256,512,1024,1280,2048 ./dpdk-test-crypto-perf -c 0xf -- --devtype crypto_octeontx2 --ptest throughput --optype ipsec --aead-algo aes-gcm --pool-sz 16384 --aead-op encrypt --aead-key-sz 32 --aead-iv-sz 12 --aead-aad-sz 16 --digest-sz 16 --total-ops 10000000 --burst-sz 32 --buffer-sz 64,128,256,512,1024,1280,2048 Signed-off-by: Akhil Goyal --- This patch is rebased over following patch to avoid conflict https://mails.dpdk.org/archives/dev/2021-August/216795.html app/test-crypto-perf/cperf_ops.c | 179 ++++++++++++++++--- app/test-crypto-perf/cperf_options.h | 1 + app/test-crypto-perf/cperf_options_parsing.c | 4 + app/test-crypto-perf/cperf_test_throughput.c | 3 +- app/test-crypto-perf/cperf_test_vectors.c | 6 +- app/test-crypto-perf/main.c | 3 +- 6 files changed, 165 insertions(+), 31 deletions(-) diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c index 4b7d66edb2..b2073f0738 100644 --- a/app/test-crypto-perf/cperf_ops.c +++ b/app/test-crypto-perf/cperf_ops.c @@ -62,7 +62,13 @@ cperf_set_ops_security(struct rte_crypto_op **ops, sym_op->m_src = (struct rte_mbuf *)((uint8_t *)ops[i] + src_buf_offset); - if (options->op_type == CPERF_PDCP) { + if (options->op_type == CPERF_PDCP || + options->op_type == CPERF_IPSEC) { + /* In case of IPsec, headroom is consumed by PMD, + * hence resetting it. + */ + sym_op->m_src->data_off = options->headroom_sz; + sym_op->m_src->buf_len = options->segment_sz; sym_op->m_src->data_len = options->test_buffer_size; sym_op->m_src->pkt_len = sym_op->m_src->data_len; @@ -565,6 +571,123 @@ cperf_set_ops_aead(struct rte_crypto_op **ops, return 0; } +static struct rte_cryptodev_sym_session * +create_ipsec_session(struct rte_mempool *sess_mp, + struct rte_mempool *priv_mp, + uint8_t dev_id, + const struct cperf_options *options, + const struct cperf_test_vector *test_vector, + uint16_t iv_offset) +{ + struct rte_crypto_sym_xform xform = {0}; + struct rte_crypto_sym_xform auth_xform = {0}; + + if (options->aead_algo != 0) { + /* Setup AEAD Parameters */ + xform.type = RTE_CRYPTO_SYM_XFORM_AEAD; + xform.next = NULL; + xform.aead.algo = options->aead_algo; + xform.aead.op = options->aead_op; + xform.aead.iv.offset = iv_offset; + xform.aead.key.data = test_vector->aead_key.data; + xform.aead.key.length = test_vector->aead_key.length; + xform.aead.iv.length = test_vector->aead_iv.length; + xform.aead.digest_length = options->digest_sz; + xform.aead.aad_length = options->aead_aad_sz; + } else if (options->cipher_algo != 0 && options->auth_algo != 0) { + /* Setup Cipher Parameters */ + xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER; + xform.next = NULL; + xform.cipher.algo = options->cipher_algo; + xform.cipher.op = options->cipher_op; + xform.cipher.iv.offset = iv_offset; + xform.cipher.iv.length = test_vector->cipher_iv.length; + /* cipher different than null */ + if (options->cipher_algo != RTE_CRYPTO_CIPHER_NULL) { + xform.cipher.key.data = test_vector->cipher_key.data; + xform.cipher.key.length = + test_vector->cipher_key.length; + } else { + xform.cipher.key.data = NULL; + xform.cipher.key.length = 0; + } + + /* Setup Auth Parameters */ + auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH; + auth_xform.next = NULL; + auth_xform.auth.algo = options->auth_algo; + auth_xform.auth.op = options->auth_op; + auth_xform.auth.iv.offset = iv_offset + + xform.cipher.iv.length; + /* auth different than null */ + if (options->auth_algo != RTE_CRYPTO_AUTH_NULL) { + auth_xform.auth.digest_length = options->digest_sz; + auth_xform.auth.key.length = + test_vector->auth_key.length; + auth_xform.auth.key.data = test_vector->auth_key.data; + auth_xform.auth.iv.length = test_vector->auth_iv.length; + } else { + auth_xform.auth.digest_length = 0; + auth_xform.auth.key.length = 0; + auth_xform.auth.key.data = NULL; + auth_xform.auth.iv.length = 0; + } + + xform.next = &auth_xform; + } else { + return NULL; + } + +#define CPERF_IPSEC_SRC_IP 0x01010101 +#define CPERF_IPSEC_DST_IP 0x02020202 +#define CPERF_IPSEC_SALT 0x0 +#define CPERF_IPSEC_DEFTTL 64 + struct rte_security_ipsec_tunnel_param tunnel = { + .type = RTE_SECURITY_IPSEC_TUNNEL_IPV4, + {.ipv4 = { + .src_ip = { .s_addr = CPERF_IPSEC_SRC_IP}, + .dst_ip = { .s_addr = CPERF_IPSEC_DST_IP}, + .dscp = 0, + .df = 0, + .ttl = CPERF_IPSEC_DEFTTL, + } }, + }; + struct rte_security_session_conf sess_conf = { + .action_type = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_IPSEC, + {.ipsec = { + .spi = rte_lcore_id(), + /**< For testing sake, lcore_id is taken as SPI so that + * for every core a different session is created. + */ + .salt = CPERF_IPSEC_SALT, + .options = { 0 }, + .replay_win_sz = 0, + .direction = + ((options->cipher_op == + RTE_CRYPTO_CIPHER_OP_ENCRYPT) && + (options->auth_op == + RTE_CRYPTO_AUTH_OP_GENERATE)) || + (options->aead_op == + RTE_CRYPTO_AEAD_OP_ENCRYPT) ? + RTE_SECURITY_IPSEC_SA_DIR_EGRESS : + RTE_SECURITY_IPSEC_SA_DIR_INGRESS, + .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, + .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, + .tunnel = tunnel, + } }, + .userdata = NULL, + .crypto_xform = &xform + }; + + struct rte_security_ctx *ctx = (struct rte_security_ctx *) + rte_cryptodev_get_sec_ctx(dev_id); + + /* Create security session */ + return (void *)rte_security_session_create(ctx, + &sess_conf, sess_mp, priv_mp); +} + static struct rte_cryptodev_sym_session * cperf_create_session(struct rte_mempool *sess_mp, struct rte_mempool *priv_mp, @@ -675,6 +798,12 @@ cperf_create_session(struct rte_mempool *sess_mp, return (void *)rte_security_session_create(ctx, &sess_conf, sess_mp, priv_mp); } + + if (options->op_type == CPERF_IPSEC) { + return create_ipsec_session(sess_mp, priv_mp, dev_id, + options, test_vector, iv_offset); + } + if (options->op_type == CPERF_DOCSIS) { enum rte_security_docsis_direction direction; @@ -872,44 +1001,40 @@ cperf_get_op_functions(const struct cperf_options *options, op_fns->sess_create = cperf_create_session; - if (options->op_type == CPERF_ASYM_MODEX) { - op_fns->populate_ops = cperf_set_ops_asym; - return 0; - } - - if (options->op_type == CPERF_AEAD) { + switch (options->op_type) { + case CPERF_AEAD: op_fns->populate_ops = cperf_set_ops_aead; - return 0; - } + break; - if (options->op_type == CPERF_AUTH_THEN_CIPHER - || options->op_type == CPERF_CIPHER_THEN_AUTH) { + case CPERF_AUTH_THEN_CIPHER: + case CPERF_CIPHER_THEN_AUTH: op_fns->populate_ops = cperf_set_ops_cipher_auth; - return 0; - } - if (options->op_type == CPERF_AUTH_ONLY) { + break; + case CPERF_AUTH_ONLY: if (options->auth_algo == RTE_CRYPTO_AUTH_NULL) op_fns->populate_ops = cperf_set_ops_null_auth; else op_fns->populate_ops = cperf_set_ops_auth; - return 0; - } - if (options->op_type == CPERF_CIPHER_ONLY) { + break; + case CPERF_CIPHER_ONLY: if (options->cipher_algo == RTE_CRYPTO_CIPHER_NULL) op_fns->populate_ops = cperf_set_ops_null_cipher; else op_fns->populate_ops = cperf_set_ops_cipher; - return 0; - } + break; + case CPERF_ASYM_MODEX: + op_fns->populate_ops = cperf_set_ops_asym; + break; #ifdef RTE_LIB_SECURITY - if (options->op_type == CPERF_PDCP) { + case CPERF_PDCP: + case CPERF_IPSEC: + case CPERF_DOCSIS: op_fns->populate_ops = cperf_set_ops_security; - return 0; - } - if (options->op_type == CPERF_DOCSIS) { - op_fns->populate_ops = cperf_set_ops_security; - return 0; - } + break; #endif - return -1; + default: + return -1; + } + + return 0; } diff --git a/app/test-crypto-perf/cperf_options.h b/app/test-crypto-perf/cperf_options.h index f5ea2b90a5..031b238b20 100644 --- a/app/test-crypto-perf/cperf_options.h +++ b/app/test-crypto-perf/cperf_options.h @@ -80,6 +80,7 @@ enum cperf_op_type { CPERF_AEAD, CPERF_PDCP, CPERF_DOCSIS, + CPERF_IPSEC, CPERF_ASYM_MODEX }; diff --git a/app/test-crypto-perf/cperf_options_parsing.c b/app/test-crypto-perf/cperf_options_parsing.c index fcff187257..63a82c7938 100644 --- a/app/test-crypto-perf/cperf_options_parsing.c +++ b/app/test-crypto-perf/cperf_options_parsing.c @@ -458,6 +458,10 @@ parse_op_type(struct cperf_options *opts, const char *arg) cperf_op_type_strs[CPERF_DOCSIS], CPERF_DOCSIS }, + { + cperf_op_type_strs[CPERF_IPSEC], + CPERF_IPSEC + }, { cperf_op_type_strs[CPERF_ASYM_MODEX], CPERF_ASYM_MODEX diff --git a/app/test-crypto-perf/cperf_test_throughput.c b/app/test-crypto-perf/cperf_test_throughput.c index 76fcda47ff..ca65c3c883 100644 --- a/app/test-crypto-perf/cperf_test_throughput.c +++ b/app/test-crypto-perf/cperf_test_throughput.c @@ -42,7 +42,8 @@ cperf_throughput_test_free(struct cperf_throughput_ctx *ctx) } #ifdef RTE_LIB_SECURITY else if (ctx->options->op_type == CPERF_PDCP || - ctx->options->op_type == CPERF_DOCSIS) { + ctx->options->op_type == CPERF_DOCSIS || + ctx->options->op_type == CPERF_IPSEC) { struct rte_security_ctx *sec_ctx = (struct rte_security_ctx *) rte_cryptodev_get_sec_ctx(ctx->dev_id); diff --git a/app/test-crypto-perf/cperf_test_vectors.c b/app/test-crypto-perf/cperf_test_vectors.c index 4bba405961..e944583089 100644 --- a/app/test-crypto-perf/cperf_test_vectors.c +++ b/app/test-crypto-perf/cperf_test_vectors.c @@ -448,7 +448,8 @@ cperf_test_vector_get_dummy(struct cperf_options *options) t_vec->modex.elen = sizeof(perf_mod_e); } - if (options->op_type == CPERF_PDCP) { + if (options->op_type == CPERF_PDCP || + options->op_type == CPERF_IPSEC) { if (options->cipher_algo == RTE_CRYPTO_CIPHER_NULL) { t_vec->cipher_key.length = 0; t_vec->ciphertext.data = plaintext; @@ -579,7 +580,8 @@ cperf_test_vector_get_dummy(struct cperf_options *options) t_vec->auth_iv.length = options->auth_iv_sz; } - if (options->op_type == CPERF_AEAD) { + if (options->op_type == CPERF_AEAD || + options->op_type == CPERF_IPSEC) { t_vec->aead_key.length = options->aead_key_sz; t_vec->aead_key.data = aead_key; diff --git a/app/test-crypto-perf/main.c b/app/test-crypto-perf/main.c index 390380898e..6fdb92fb7c 100644 --- a/app/test-crypto-perf/main.c +++ b/app/test-crypto-perf/main.c @@ -41,6 +41,7 @@ const char *cperf_op_type_strs[] = { [CPERF_AEAD] = "aead", [CPERF_PDCP] = "pdcp", [CPERF_DOCSIS] = "docsis", + [CPERF_IPSEC] = "ipsec", [CPERF_ASYM_MODEX] = "modex" }; @@ -278,9 +279,9 @@ cperf_initialize_cryptodev(struct cperf_options *opts, uint8_t *enabled_cdevs) /* Fall through */ case CPERF_PDCP: case CPERF_DOCSIS: + case CPERF_IPSEC: /* Fall through */ default: - conf.ff_disable |= RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO; }