From patchwork Fri Oct 8 20:15:46 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Akhil Goyal X-Patchwork-Id: 100839 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 7C620A0C4B; Fri, 8 Oct 2021 22:16:08 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 4669540696; Fri, 8 Oct 2021 22:16:08 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id E9A5D4068E for ; Fri, 8 Oct 2021 22:16:06 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 198G8xCn014835; Fri, 8 Oct 2021 13:16:01 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=lIUsxrOYqEAvjdzgDLD+FWnloMxqfQbBnmoxQ+A/Iws=; b=jWV8n4h2b+Xxcf+/Fp9QGRqoZGsfruvvPu7+jBPtXbqh0uK5FU7RhBPpXrZI54rUau7T tjzLw4QCQQ1soBlPgTAyy3dFTHJ+nUGICJ9WA5GaVwKpGlCvQdsTB++3tnWq/qkj+ilV wb+AoNpcr8n4Q8xZzw0F5kRCV97nFbsWhmInjXWatHyyxmC34jR0m9+LHwcbuhGtpF/C /3BspAMaQMwNGzyyQAgymGMZWjHcNl42UaQBT4FZQOHImIoYcFA83xzOJ1gYp2b3kDsw C+za0PhpGgzLbfeHdbCkyYTZA7Fga94tPvfFHIeXcrMyociXO9J1mZXuRBX3hYyldehg ag== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0a-0016f401.pphosted.com with ESMTP id 3bjs8nrsdu-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Fri, 08 Oct 2021 13:16:00 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Fri, 8 Oct 2021 13:15:59 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Fri, 8 Oct 2021 13:15:59 -0700 Received: from localhost.localdomain (unknown [10.28.36.185]) by maili.marvell.com (Postfix) with ESMTP id 5644D3F705D; Fri, 8 Oct 2021 13:15:51 -0700 (PDT) From: Akhil Goyal To: CC: , , , , , , , , , , , , , , , , , , , Akhil Goyal Date: Sat, 9 Oct 2021 01:45:46 +0530 Message-ID: <20211008201546.3496585-1-gakhil@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20210817174849.1591235-1-gakhil@marvell.com> References: <20210817174849.1591235-1-gakhil@marvell.com> MIME-Version: 1.0 X-Proofpoint-GUID: Gzr1asfgxgE88fARwC25Qafk1yd2QnaZ X-Proofpoint-ORIG-GUID: Gzr1asfgxgE88fARwC25Qafk1yd2QnaZ X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-10-08_06,2021-10-07_02,2020-04-07_01 Subject: [dpdk-dev] [PATCH v2] test/crypto-perf: support lookaside IPsec X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Added support for lookaside IPsec protocol offload. Supported cases: -AEAD -Cipher+auth Command used for testing: ./dpdk-test-crypto-perf -c 0xf -- --devtype crypto_octeontx2 --ptest throughput --optype ipsec --cipher-algo aes-cbc --pool-sz 16384 --cipher-op encrypt --cipher-key-sz 16 --cipher-iv-sz 16 --auth-algo sha1-hmac --auth-op generate --digest-sz 16 --total-ops 10000000 --burst-sz 32 --buffer-sz 64,128,256,512,1024,1280,2048 ./dpdk-test-crypto-perf -c 0xf -- --devtype crypto_octeontx2 --ptest throughput --optype ipsec --aead-algo aes-gcm --pool-sz 16384 --aead-op encrypt --aead-key-sz 32 --aead-iv-sz 12 --aead-aad-sz 16 --digest-sz 16 --total-ops 10000000 --burst-sz 32 --buffer-sz 64,128,256,512,1024,1280,2048 Signed-off-by: Akhil Goyal Acked-by:  Hemant Agrawal --- v2: added release notes. app/test-crypto-perf/cperf_ops.c | 179 ++++++++++++++++--- app/test-crypto-perf/cperf_options.h | 1 + app/test-crypto-perf/cperf_options_parsing.c | 4 + app/test-crypto-perf/cperf_test_throughput.c | 3 +- app/test-crypto-perf/cperf_test_vectors.c | 6 +- app/test-crypto-perf/main.c | 3 +- doc/guides/rel_notes/release_21_11.rst | 1 + 7 files changed, 166 insertions(+), 31 deletions(-) diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c index 4b7d66edb2..b2073f0738 100644 --- a/app/test-crypto-perf/cperf_ops.c +++ b/app/test-crypto-perf/cperf_ops.c @@ -62,7 +62,13 @@ cperf_set_ops_security(struct rte_crypto_op **ops, sym_op->m_src = (struct rte_mbuf *)((uint8_t *)ops[i] + src_buf_offset); - if (options->op_type == CPERF_PDCP) { + if (options->op_type == CPERF_PDCP || + options->op_type == CPERF_IPSEC) { + /* In case of IPsec, headroom is consumed by PMD, + * hence resetting it. + */ + sym_op->m_src->data_off = options->headroom_sz; + sym_op->m_src->buf_len = options->segment_sz; sym_op->m_src->data_len = options->test_buffer_size; sym_op->m_src->pkt_len = sym_op->m_src->data_len; @@ -565,6 +571,123 @@ cperf_set_ops_aead(struct rte_crypto_op **ops, return 0; } +static struct rte_cryptodev_sym_session * +create_ipsec_session(struct rte_mempool *sess_mp, + struct rte_mempool *priv_mp, + uint8_t dev_id, + const struct cperf_options *options, + const struct cperf_test_vector *test_vector, + uint16_t iv_offset) +{ + struct rte_crypto_sym_xform xform = {0}; + struct rte_crypto_sym_xform auth_xform = {0}; + + if (options->aead_algo != 0) { + /* Setup AEAD Parameters */ + xform.type = RTE_CRYPTO_SYM_XFORM_AEAD; + xform.next = NULL; + xform.aead.algo = options->aead_algo; + xform.aead.op = options->aead_op; + xform.aead.iv.offset = iv_offset; + xform.aead.key.data = test_vector->aead_key.data; + xform.aead.key.length = test_vector->aead_key.length; + xform.aead.iv.length = test_vector->aead_iv.length; + xform.aead.digest_length = options->digest_sz; + xform.aead.aad_length = options->aead_aad_sz; + } else if (options->cipher_algo != 0 && options->auth_algo != 0) { + /* Setup Cipher Parameters */ + xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER; + xform.next = NULL; + xform.cipher.algo = options->cipher_algo; + xform.cipher.op = options->cipher_op; + xform.cipher.iv.offset = iv_offset; + xform.cipher.iv.length = test_vector->cipher_iv.length; + /* cipher different than null */ + if (options->cipher_algo != RTE_CRYPTO_CIPHER_NULL) { + xform.cipher.key.data = test_vector->cipher_key.data; + xform.cipher.key.length = + test_vector->cipher_key.length; + } else { + xform.cipher.key.data = NULL; + xform.cipher.key.length = 0; + } + + /* Setup Auth Parameters */ + auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH; + auth_xform.next = NULL; + auth_xform.auth.algo = options->auth_algo; + auth_xform.auth.op = options->auth_op; + auth_xform.auth.iv.offset = iv_offset + + xform.cipher.iv.length; + /* auth different than null */ + if (options->auth_algo != RTE_CRYPTO_AUTH_NULL) { + auth_xform.auth.digest_length = options->digest_sz; + auth_xform.auth.key.length = + test_vector->auth_key.length; + auth_xform.auth.key.data = test_vector->auth_key.data; + auth_xform.auth.iv.length = test_vector->auth_iv.length; + } else { + auth_xform.auth.digest_length = 0; + auth_xform.auth.key.length = 0; + auth_xform.auth.key.data = NULL; + auth_xform.auth.iv.length = 0; + } + + xform.next = &auth_xform; + } else { + return NULL; + } + +#define CPERF_IPSEC_SRC_IP 0x01010101 +#define CPERF_IPSEC_DST_IP 0x02020202 +#define CPERF_IPSEC_SALT 0x0 +#define CPERF_IPSEC_DEFTTL 64 + struct rte_security_ipsec_tunnel_param tunnel = { + .type = RTE_SECURITY_IPSEC_TUNNEL_IPV4, + {.ipv4 = { + .src_ip = { .s_addr = CPERF_IPSEC_SRC_IP}, + .dst_ip = { .s_addr = CPERF_IPSEC_DST_IP}, + .dscp = 0, + .df = 0, + .ttl = CPERF_IPSEC_DEFTTL, + } }, + }; + struct rte_security_session_conf sess_conf = { + .action_type = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_IPSEC, + {.ipsec = { + .spi = rte_lcore_id(), + /**< For testing sake, lcore_id is taken as SPI so that + * for every core a different session is created. + */ + .salt = CPERF_IPSEC_SALT, + .options = { 0 }, + .replay_win_sz = 0, + .direction = + ((options->cipher_op == + RTE_CRYPTO_CIPHER_OP_ENCRYPT) && + (options->auth_op == + RTE_CRYPTO_AUTH_OP_GENERATE)) || + (options->aead_op == + RTE_CRYPTO_AEAD_OP_ENCRYPT) ? + RTE_SECURITY_IPSEC_SA_DIR_EGRESS : + RTE_SECURITY_IPSEC_SA_DIR_INGRESS, + .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, + .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, + .tunnel = tunnel, + } }, + .userdata = NULL, + .crypto_xform = &xform + }; + + struct rte_security_ctx *ctx = (struct rte_security_ctx *) + rte_cryptodev_get_sec_ctx(dev_id); + + /* Create security session */ + return (void *)rte_security_session_create(ctx, + &sess_conf, sess_mp, priv_mp); +} + static struct rte_cryptodev_sym_session * cperf_create_session(struct rte_mempool *sess_mp, struct rte_mempool *priv_mp, @@ -675,6 +798,12 @@ cperf_create_session(struct rte_mempool *sess_mp, return (void *)rte_security_session_create(ctx, &sess_conf, sess_mp, priv_mp); } + + if (options->op_type == CPERF_IPSEC) { + return create_ipsec_session(sess_mp, priv_mp, dev_id, + options, test_vector, iv_offset); + } + if (options->op_type == CPERF_DOCSIS) { enum rte_security_docsis_direction direction; @@ -872,44 +1001,40 @@ cperf_get_op_functions(const struct cperf_options *options, op_fns->sess_create = cperf_create_session; - if (options->op_type == CPERF_ASYM_MODEX) { - op_fns->populate_ops = cperf_set_ops_asym; - return 0; - } - - if (options->op_type == CPERF_AEAD) { + switch (options->op_type) { + case CPERF_AEAD: op_fns->populate_ops = cperf_set_ops_aead; - return 0; - } + break; - if (options->op_type == CPERF_AUTH_THEN_CIPHER - || options->op_type == CPERF_CIPHER_THEN_AUTH) { + case CPERF_AUTH_THEN_CIPHER: + case CPERF_CIPHER_THEN_AUTH: op_fns->populate_ops = cperf_set_ops_cipher_auth; - return 0; - } - if (options->op_type == CPERF_AUTH_ONLY) { + break; + case CPERF_AUTH_ONLY: if (options->auth_algo == RTE_CRYPTO_AUTH_NULL) op_fns->populate_ops = cperf_set_ops_null_auth; else op_fns->populate_ops = cperf_set_ops_auth; - return 0; - } - if (options->op_type == CPERF_CIPHER_ONLY) { + break; + case CPERF_CIPHER_ONLY: if (options->cipher_algo == RTE_CRYPTO_CIPHER_NULL) op_fns->populate_ops = cperf_set_ops_null_cipher; else op_fns->populate_ops = cperf_set_ops_cipher; - return 0; - } + break; + case CPERF_ASYM_MODEX: + op_fns->populate_ops = cperf_set_ops_asym; + break; #ifdef RTE_LIB_SECURITY - if (options->op_type == CPERF_PDCP) { + case CPERF_PDCP: + case CPERF_IPSEC: + case CPERF_DOCSIS: op_fns->populate_ops = cperf_set_ops_security; - return 0; - } - if (options->op_type == CPERF_DOCSIS) { - op_fns->populate_ops = cperf_set_ops_security; - return 0; - } + break; #endif - return -1; + default: + return -1; + } + + return 0; } diff --git a/app/test-crypto-perf/cperf_options.h b/app/test-crypto-perf/cperf_options.h index f5ea2b90a5..031b238b20 100644 --- a/app/test-crypto-perf/cperf_options.h +++ b/app/test-crypto-perf/cperf_options.h @@ -80,6 +80,7 @@ enum cperf_op_type { CPERF_AEAD, CPERF_PDCP, CPERF_DOCSIS, + CPERF_IPSEC, CPERF_ASYM_MODEX }; diff --git a/app/test-crypto-perf/cperf_options_parsing.c b/app/test-crypto-perf/cperf_options_parsing.c index 2a7acb0111..c244f81bbf 100644 --- a/app/test-crypto-perf/cperf_options_parsing.c +++ b/app/test-crypto-perf/cperf_options_parsing.c @@ -458,6 +458,10 @@ parse_op_type(struct cperf_options *opts, const char *arg) cperf_op_type_strs[CPERF_DOCSIS], CPERF_DOCSIS }, + { + cperf_op_type_strs[CPERF_IPSEC], + CPERF_IPSEC + }, { cperf_op_type_strs[CPERF_ASYM_MODEX], CPERF_ASYM_MODEX diff --git a/app/test-crypto-perf/cperf_test_throughput.c b/app/test-crypto-perf/cperf_test_throughput.c index 76fcda47ff..ca65c3c883 100644 --- a/app/test-crypto-perf/cperf_test_throughput.c +++ b/app/test-crypto-perf/cperf_test_throughput.c @@ -42,7 +42,8 @@ cperf_throughput_test_free(struct cperf_throughput_ctx *ctx) } #ifdef RTE_LIB_SECURITY else if (ctx->options->op_type == CPERF_PDCP || - ctx->options->op_type == CPERF_DOCSIS) { + ctx->options->op_type == CPERF_DOCSIS || + ctx->options->op_type == CPERF_IPSEC) { struct rte_security_ctx *sec_ctx = (struct rte_security_ctx *) rte_cryptodev_get_sec_ctx(ctx->dev_id); diff --git a/app/test-crypto-perf/cperf_test_vectors.c b/app/test-crypto-perf/cperf_test_vectors.c index 4bba405961..e944583089 100644 --- a/app/test-crypto-perf/cperf_test_vectors.c +++ b/app/test-crypto-perf/cperf_test_vectors.c @@ -448,7 +448,8 @@ cperf_test_vector_get_dummy(struct cperf_options *options) t_vec->modex.elen = sizeof(perf_mod_e); } - if (options->op_type == CPERF_PDCP) { + if (options->op_type == CPERF_PDCP || + options->op_type == CPERF_IPSEC) { if (options->cipher_algo == RTE_CRYPTO_CIPHER_NULL) { t_vec->cipher_key.length = 0; t_vec->ciphertext.data = plaintext; @@ -579,7 +580,8 @@ cperf_test_vector_get_dummy(struct cperf_options *options) t_vec->auth_iv.length = options->auth_iv_sz; } - if (options->op_type == CPERF_AEAD) { + if (options->op_type == CPERF_AEAD || + options->op_type == CPERF_IPSEC) { t_vec->aead_key.length = options->aead_key_sz; t_vec->aead_key.data = aead_key; diff --git a/app/test-crypto-perf/main.c b/app/test-crypto-perf/main.c index 390380898e..6fdb92fb7c 100644 --- a/app/test-crypto-perf/main.c +++ b/app/test-crypto-perf/main.c @@ -41,6 +41,7 @@ const char *cperf_op_type_strs[] = { [CPERF_AEAD] = "aead", [CPERF_PDCP] = "pdcp", [CPERF_DOCSIS] = "docsis", + [CPERF_IPSEC] = "ipsec", [CPERF_ASYM_MODEX] = "modex" }; @@ -278,9 +279,9 @@ cperf_initialize_cryptodev(struct cperf_options *opts, uint8_t *enabled_cdevs) /* Fall through */ case CPERF_PDCP: case CPERF_DOCSIS: + case CPERF_IPSEC: /* Fall through */ default: - conf.ff_disable |= RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO; } diff --git a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_notes/release_21_11.rst index dfaf7bdf38..84266aba7c 100644 --- a/doc/guides/rel_notes/release_21_11.rst +++ b/doc/guides/rel_notes/release_21_11.rst @@ -134,6 +134,7 @@ New Features * Added support for asymmetric crypto throughput performance measurement. Only modex is supported for now. + * Added support for lookaside IPsec protocol offload throughput measurement. * **Added lookaside protocol (IPsec) tests in dpdk-test.**