From 8a5b494a7f99f67eacf2957806400ee836038cd3 Mon Sep 17 00:00:00 2001 From: Pablo de Lara Date: Sun, 2 Jul 2017 06:41:23 +0100 Subject: [PATCH] app/test-crypto-perf: add AEAD parameters Since there is a new operation type (AEAD), add parameters for this in the application. Signed-off-by: Pablo de Lara Acked-by: Declan Doherty Acked-by: Akhil Goyal Acked-by: Fiona Trahe --- app/test-crypto-perf/cperf_ops.c | 138 +++++------ app/test-crypto-perf/cperf_options.h | 22 +- app/test-crypto-perf/cperf_options_parsing.c | 226 ++++++++++++------ app/test-crypto-perf/cperf_test_latency.c | 8 +- app/test-crypto-perf/cperf_test_throughput.c | 8 +- .../cperf_test_vector_parsing.c | 12 +- app/test-crypto-perf/cperf_test_vectors.c | 106 ++++---- app/test-crypto-perf/cperf_test_vectors.h | 12 + app/test-crypto-perf/cperf_test_verify.c | 10 +- app/test-crypto-perf/main.c | 42 +++- doc/guides/tools/cryptoperf.rst | 41 +++- 11 files changed, 385 insertions(+), 240 deletions(-) diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c index 401f85e724..107abb0408 100644 --- a/app/test-crypto-perf/cperf_ops.c +++ b/app/test-crypto-perf/cperf_ops.c @@ -182,8 +182,6 @@ cperf_set_ops_auth(struct rte_crypto_op **ops, uint8_t *, offset); sym_op->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(buf, offset); - sym_op->auth.aad.phys_addr = test_vector->aad.phys_addr; - sym_op->auth.aad.data = test_vector->aad.data; } @@ -265,8 +263,6 @@ cperf_set_ops_cipher_auth(struct rte_crypto_op **ops, uint8_t *, offset); sym_op->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(buf, offset); - sym_op->auth.aad.phys_addr = test_vector->aad.phys_addr; - sym_op->auth.aad.data = test_vector->aad.data; } if (options->auth_algo == RTE_CRYPTO_AUTH_SNOW3G_UIA2 || @@ -320,23 +316,22 @@ cperf_set_ops_aead(struct rte_crypto_op **ops, sym_op->m_src = bufs_in[i]; sym_op->m_dst = bufs_out[i]; - /* cipher parameters */ - sym_op->cipher.data.length = options->test_buffer_size; - sym_op->cipher.data.offset = - RTE_ALIGN_CEIL(options->auth_aad_sz, 16); + /* AEAD parameters */ + sym_op->aead.data.length = options->test_buffer_size; + sym_op->aead.data.offset = + RTE_ALIGN_CEIL(options->aead_aad_sz, 16); - sym_op->auth.aad.data = rte_pktmbuf_mtod(bufs_in[i], uint8_t *); - sym_op->auth.aad.phys_addr = rte_pktmbuf_mtophys(bufs_in[i]); + sym_op->aead.aad.data = rte_pktmbuf_mtod(bufs_in[i], uint8_t *); + sym_op->aead.aad.phys_addr = rte_pktmbuf_mtophys(bufs_in[i]); - /* authentication parameters */ - if (options->auth_op == RTE_CRYPTO_AUTH_OP_VERIFY) { - sym_op->auth.digest.data = test_vector->digest.data; - sym_op->auth.digest.phys_addr = + if (options->aead_op == RTE_CRYPTO_AEAD_OP_DECRYPT) { + sym_op->aead.digest.data = test_vector->digest.data; + sym_op->aead.digest.phys_addr = test_vector->digest.phys_addr; } else { - uint32_t offset = sym_op->cipher.data.length + - sym_op->cipher.data.offset; + uint32_t offset = sym_op->aead.data.length + + sym_op->aead.data.offset; struct rte_mbuf *buf, *tbuf; if (options->out_of_place) { @@ -351,14 +346,11 @@ cperf_set_ops_aead(struct rte_crypto_op **ops, buf = tbuf; } - sym_op->auth.digest.data = rte_pktmbuf_mtod_offset(buf, + sym_op->aead.digest.data = rte_pktmbuf_mtod_offset(buf, uint8_t *, offset); - sym_op->auth.digest.phys_addr = + sym_op->aead.digest.phys_addr = rte_pktmbuf_mtophys_offset(buf, offset); } - - sym_op->auth.data.length = options->test_buffer_size; - sym_op->auth.data.offset = options->auth_aad_sz; } if (options->test == CPERF_TEST_TYPE_VERIFY) { @@ -366,8 +358,8 @@ cperf_set_ops_aead(struct rte_crypto_op **ops, uint8_t *iv_ptr = rte_crypto_op_ctod_offset(ops[i], uint8_t *, iv_offset); - memcpy(iv_ptr, test_vector->cipher_iv.data, - test_vector->cipher_iv.length); + memcpy(iv_ptr, test_vector->aead_iv.data, + test_vector->aead_iv.length); } } @@ -382,6 +374,7 @@ cperf_create_session(uint8_t dev_id, { struct rte_crypto_sym_xform cipher_xform; struct rte_crypto_sym_xform auth_xform; + struct rte_crypto_sym_xform aead_xform; struct rte_cryptodev_sym_session *sess = NULL; /* @@ -421,9 +414,7 @@ cperf_create_session(uint8_t dev_id, /* auth different than null */ if (options->auth_algo != RTE_CRYPTO_AUTH_NULL) { auth_xform.auth.digest_length = - options->auth_digest_sz; - auth_xform.auth.add_auth_data_length = - options->auth_aad_sz; + options->digest_sz; auth_xform.auth.key.length = test_vector->auth_key.length; auth_xform.auth.key.data = test_vector->auth_key.data; @@ -442,9 +433,7 @@ cperf_create_session(uint8_t dev_id, * cipher and auth */ } else if (options->op_type == CPERF_CIPHER_THEN_AUTH - || options->op_type == CPERF_AUTH_THEN_CIPHER - || options->op_type == CPERF_AEAD) { - + || options->op_type == CPERF_AUTH_THEN_CIPHER) { /* * cipher */ @@ -478,23 +467,12 @@ cperf_create_session(uint8_t dev_id, /* auth different than null */ if (options->auth_algo != RTE_CRYPTO_AUTH_NULL) { - auth_xform.auth.digest_length = options->auth_digest_sz; - auth_xform.auth.add_auth_data_length = - options->auth_aad_sz; - /* auth options for aes gcm */ - if (options->cipher_algo == RTE_CRYPTO_CIPHER_AES_GCM && - options->auth_algo == RTE_CRYPTO_AUTH_AES_GCM) { - auth_xform.auth.key.length = 0; - auth_xform.auth.key.data = NULL; - auth_xform.auth.iv.length = 0; - } else { /* auth options for others */ - auth_xform.auth.key.length = + auth_xform.auth.digest_length = options->digest_sz; + auth_xform.auth.iv.length = test_vector->auth_iv.length; + auth_xform.auth.key.length = test_vector->auth_key.length; - auth_xform.auth.key.data = - test_vector->auth_key.data; - auth_xform.auth.iv.length = - test_vector->auth_iv.length; - } + auth_xform.auth.key.data = + test_vector->auth_key.data; } else { auth_xform.auth.digest_length = 0; auth_xform.auth.add_auth_data_length = 0; @@ -503,35 +481,39 @@ cperf_create_session(uint8_t dev_id, auth_xform.auth.iv.length = 0; } - /* create crypto session for aes gcm */ - if (options->cipher_algo == RTE_CRYPTO_CIPHER_AES_GCM) { - if (options->cipher_op == - RTE_CRYPTO_CIPHER_OP_ENCRYPT) { - cipher_xform.next = &auth_xform; - /* create crypto session */ - sess = rte_cryptodev_sym_session_create(dev_id, - &cipher_xform); - } else { /* decrypt */ - auth_xform.next = &cipher_xform; - /* create crypto session */ - sess = rte_cryptodev_sym_session_create(dev_id, - &auth_xform); - } - } else { /* create crypto session for other */ - /* cipher then auth */ - if (options->op_type == CPERF_CIPHER_THEN_AUTH) { - cipher_xform.next = &auth_xform; - /* create crypto session */ - sess = rte_cryptodev_sym_session_create(dev_id, + /* cipher then auth */ + if (options->op_type == CPERF_CIPHER_THEN_AUTH) { + cipher_xform.next = &auth_xform; + /* create crypto session */ + sess = rte_cryptodev_sym_session_create(dev_id, &cipher_xform); - } else { /* auth then cipher */ - auth_xform.next = &cipher_xform; - /* create crypto session */ - sess = rte_cryptodev_sym_session_create(dev_id, - &auth_xform); - } + } else { /* auth then cipher */ + auth_xform.next = &cipher_xform; + /* create crypto session */ + sess = rte_cryptodev_sym_session_create(dev_id, + &auth_xform); } + } else { /* options->op_type == CPERF_AEAD */ + aead_xform.type = RTE_CRYPTO_SYM_XFORM_AEAD; + aead_xform.next = NULL; + aead_xform.aead.algo = options->aead_algo; + aead_xform.aead.op = options->aead_op; + aead_xform.aead.iv.offset = iv_offset; + + aead_xform.aead.key.data = + test_vector->aead_key.data; + aead_xform.aead.key.length = + test_vector->aead_key.length; + aead_xform.aead.iv.length = test_vector->aead_iv.length; + + aead_xform.aead.digest_length = options->digest_sz; + aead_xform.aead.add_auth_data_length = + options->aead_aad_sz; + + /* Create crypto session */ + sess = rte_cryptodev_sym_session_create(dev_id, &aead_xform); } + return sess; } @@ -543,14 +525,14 @@ cperf_get_op_functions(const struct cperf_options *options, op_fns->sess_create = cperf_create_session; - if (options->op_type == CPERF_AEAD - || options->op_type == CPERF_AUTH_THEN_CIPHER + if (options->op_type == CPERF_AEAD) { + op_fns->populate_ops = cperf_set_ops_aead; + return 0; + } + + if (options->op_type == CPERF_AUTH_THEN_CIPHER || options->op_type == CPERF_CIPHER_THEN_AUTH) { - if (options->cipher_algo == RTE_CRYPTO_CIPHER_AES_GCM && - options->auth_algo == RTE_CRYPTO_AUTH_AES_GCM) - op_fns->populate_ops = cperf_set_ops_aead; - else - op_fns->populate_ops = cperf_set_ops_cipher_auth; + op_fns->populate_ops = cperf_set_ops_cipher_auth; return 0; } if (options->op_type == CPERF_AUTH_ONLY) { diff --git a/app/test-crypto-perf/cperf_options.h b/app/test-crypto-perf/cperf_options.h index 0e53c03f90..10cd2d8a3c 100644 --- a/app/test-crypto-perf/cperf_options.h +++ b/app/test-crypto-perf/cperf_options.h @@ -29,8 +29,15 @@ #define CPERF_AUTH_OP ("auth-op") #define CPERF_AUTH_KEY_SZ ("auth-key-sz") #define CPERF_AUTH_IV_SZ ("auth-iv-sz") -#define CPERF_AUTH_DIGEST_SZ ("auth-digest-sz") -#define CPERF_AUTH_AAD_SZ ("auth-aad-sz") + +#define CPERF_AEAD_ALGO ("aead-algo") +#define CPERF_AEAD_OP ("aead-op") +#define CPERF_AEAD_KEY_SZ ("aead-key-sz") +#define CPERF_AEAD_IV_SZ ("aead-iv-sz") +#define CPERF_AEAD_AAD_SZ ("aead-aad-sz") + +#define CPERF_DIGEST_SZ ("digest-sz") + #define CPERF_CSV ("csv-friendly") #define MAX_LIST 32 @@ -78,8 +85,15 @@ struct cperf_options { uint16_t auth_key_sz; uint16_t auth_iv_sz; - uint16_t auth_digest_sz; - uint16_t auth_aad_sz; + + enum rte_crypto_aead_algorithm aead_algo; + enum rte_crypto_aead_operation aead_op; + + uint16_t aead_key_sz; + uint16_t aead_iv_sz; + uint16_t aead_aad_sz; + + uint16_t digest_sz; char device_type[RTE_CRYPTODEV_NAME_LEN]; enum cperf_op_type op_type; diff --git a/app/test-crypto-perf/cperf_options_parsing.c b/app/test-crypto-perf/cperf_options_parsing.c index 5c2dcffdf0..085aa8fe81 100644 --- a/app/test-crypto-perf/cperf_options_parsing.c +++ b/app/test-crypto-perf/cperf_options_parsing.c @@ -543,9 +543,9 @@ parse_auth_key_sz(struct cperf_options *opts, const char *arg) } static int -parse_auth_digest_sz(struct cperf_options *opts, const char *arg) +parse_digest_sz(struct cperf_options *opts, const char *arg) { - return parse_uint16_t(&opts->auth_digest_sz, arg); + return parse_uint16_t(&opts->digest_sz, arg); } static int @@ -555,9 +555,64 @@ parse_auth_iv_sz(struct cperf_options *opts, const char *arg) } static int -parse_auth_aad_sz(struct cperf_options *opts, const char *arg) +parse_aead_algo(struct cperf_options *opts, const char *arg) { - return parse_uint16_t(&opts->auth_aad_sz, arg); + enum rte_crypto_aead_algorithm aead_algo; + + if (rte_cryptodev_get_aead_algo_enum(&aead_algo, arg) < 0) { + RTE_LOG(ERR, USER1, "Invalid AEAD algorithm specified\n"); + return -1; + } + + opts->aead_algo = aead_algo; + + return 0; +} + +static int +parse_aead_op(struct cperf_options *opts, const char *arg) +{ + struct name_id_map aead_op_namemap[] = { + { + rte_crypto_aead_operation_strings + [RTE_CRYPTO_AEAD_OP_ENCRYPT], + RTE_CRYPTO_AEAD_OP_ENCRYPT }, + { + rte_crypto_aead_operation_strings + [RTE_CRYPTO_AEAD_OP_DECRYPT], + RTE_CRYPTO_AEAD_OP_DECRYPT + } + }; + + int id = get_str_key_id_mapping(aead_op_namemap, + RTE_DIM(aead_op_namemap), arg); + if (id < 0) { + RTE_LOG(ERR, USER1, "invalid AEAD operation specified" + "\n"); + return -1; + } + + opts->aead_op = (enum rte_crypto_aead_operation)id; + + return 0; +} + +static int +parse_aead_key_sz(struct cperf_options *opts, const char *arg) +{ + return parse_uint16_t(&opts->aead_key_sz, arg); +} + +static int +parse_aead_iv_sz(struct cperf_options *opts, const char *arg) +{ + return parse_uint16_t(&opts->aead_iv_sz, arg); +} + +static int +parse_aead_aad_sz(struct cperf_options *opts, const char *arg) +{ + return parse_uint16_t(&opts->aead_aad_sz, arg); } static int @@ -606,8 +661,17 @@ static struct option lgopts[] = { { CPERF_AUTH_OP, required_argument, 0, 0 }, { CPERF_AUTH_KEY_SZ, required_argument, 0, 0 }, - { CPERF_AUTH_DIGEST_SZ, required_argument, 0, 0 }, - { CPERF_AUTH_AAD_SZ, required_argument, 0, 0 }, + { CPERF_AUTH_IV_SZ, required_argument, 0, 0 }, + + { CPERF_AEAD_ALGO, required_argument, 0, 0 }, + { CPERF_AEAD_OP, required_argument, 0, 0 }, + + { CPERF_AEAD_KEY_SZ, required_argument, 0, 0 }, + { CPERF_AEAD_AAD_SZ, required_argument, 0, 0 }, + { CPERF_AEAD_IV_SZ, required_argument, 0, 0 }, + + { CPERF_DIGEST_SZ, required_argument, 0, 0 }, + { CPERF_CSV, no_argument, 0, 0}, { NULL, 0, 0, 0 } @@ -656,9 +720,13 @@ cperf_options_default(struct cperf_options *opts) opts->auth_op = RTE_CRYPTO_AUTH_OP_GENERATE; opts->auth_key_sz = 64; - opts->auth_digest_sz = 12; opts->auth_iv_sz = 0; - opts->auth_aad_sz = 0; + + opts->aead_key_sz = 0; + opts->aead_iv_sz = 0; + opts->aead_aad_sz = 0; + + opts->digest_sz = 12; } static int @@ -686,9 +754,13 @@ cperf_opts_parse_long(int opt_idx, struct cperf_options *opts) { CPERF_AUTH_OP, parse_auth_op }, { CPERF_AUTH_KEY_SZ, parse_auth_key_sz }, { CPERF_AUTH_IV_SZ, parse_auth_iv_sz }, - { CPERF_AUTH_DIGEST_SZ, parse_auth_digest_sz }, - { CPERF_AUTH_AAD_SZ, parse_auth_aad_sz }, - { CPERF_CSV, parse_csv_friendly}, + { CPERF_AEAD_ALGO, parse_aead_algo }, + { CPERF_AEAD_OP, parse_aead_op }, + { CPERF_AEAD_KEY_SZ, parse_aead_key_sz }, + { CPERF_AEAD_IV_SZ, parse_aead_iv_sz }, + { CPERF_AEAD_AAD_SZ, parse_aead_aad_sz }, + { CPERF_DIGEST_SZ, parse_digest_sz }, + { CPERF_CSV, parse_csv_friendly}, }; unsigned int i; @@ -725,11 +797,56 @@ cperf_options_parse(struct cperf_options *options, int argc, char **argv) return 0; } -int -cperf_options_check(struct cperf_options *options) +static int +check_cipher_buffer_length(struct cperf_options *options) { uint32_t buffer_size, buffer_size_idx = 0; + if (options->cipher_algo == RTE_CRYPTO_CIPHER_AES_CBC || + options->cipher_algo == RTE_CRYPTO_CIPHER_AES_ECB) { + if (options->inc_buffer_size != 0) + buffer_size = options->min_buffer_size; + else + buffer_size = options->buffer_size_list[0]; + + while (buffer_size <= options->max_buffer_size) { + if ((buffer_size % AES_BLOCK_SIZE) != 0) { + RTE_LOG(ERR, USER1, "Some of the buffer sizes are " + "not suitable for the algorithm selected\n"); + return -EINVAL; + } + + if (options->inc_buffer_size != 0) + buffer_size += options->inc_buffer_size; + else { + if (++buffer_size_idx == options->buffer_size_count) + break; + buffer_size = options->buffer_size_list[buffer_size_idx]; + } + + } + } + + if (options->cipher_algo == RTE_CRYPTO_CIPHER_DES_CBC || + options->cipher_algo == RTE_CRYPTO_CIPHER_3DES_CBC || + options->cipher_algo == RTE_CRYPTO_CIPHER_3DES_ECB) { + for (buffer_size = options->min_buffer_size; + buffer_size < options->max_buffer_size; + buffer_size += options->inc_buffer_size) { + if ((buffer_size % DES_BLOCK_SIZE) != 0) { + RTE_LOG(ERR, USER1, "Some of the buffer sizes are " + "not suitable for the algorithm selected\n"); + return -EINVAL; + } + } + } + + return 0; +} + +int +cperf_options_check(struct cperf_options *options) +{ if (options->segments_nb > options->min_buffer_size) { RTE_LOG(ERR, USER1, "Segments number greater than buffer size.\n"); @@ -803,67 +920,13 @@ cperf_options_check(struct cperf_options *options) " options: decrypt and verify.\n"); return -EINVAL; } - } else if (options->op_type == CPERF_AEAD) { - if (!(options->cipher_op == RTE_CRYPTO_CIPHER_OP_ENCRYPT && - options->auth_op == - RTE_CRYPTO_AUTH_OP_GENERATE) && - !(options->cipher_op == - RTE_CRYPTO_CIPHER_OP_DECRYPT && - options->auth_op == - RTE_CRYPTO_AUTH_OP_VERIFY)) { - RTE_LOG(ERR, USER1, "Use together options: encrypt and" - " generate or decrypt and verify.\n"); - return -EINVAL; - } } - if (options->cipher_algo == RTE_CRYPTO_CIPHER_AES_GCM || - options->cipher_algo == RTE_CRYPTO_CIPHER_AES_CCM || - options->auth_algo == RTE_CRYPTO_AUTH_AES_GCM || - options->auth_algo == RTE_CRYPTO_AUTH_AES_CCM) { - if (options->op_type != CPERF_AEAD) { - RTE_LOG(ERR, USER1, "Use --optype aead\n"); + if (options->op_type == CPERF_CIPHER_ONLY || + options->op_type == CPERF_CIPHER_THEN_AUTH || + options->op_type == CPERF_AUTH_THEN_CIPHER) { + if (check_cipher_buffer_length(options) < 0) return -EINVAL; - } - } - - if (options->cipher_algo == RTE_CRYPTO_CIPHER_AES_CBC || - options->cipher_algo == RTE_CRYPTO_CIPHER_AES_ECB) { - if (options->inc_buffer_size != 0) - buffer_size = options->min_buffer_size; - else - buffer_size = options->buffer_size_list[0]; - - while (buffer_size <= options->max_buffer_size) { - if ((buffer_size % AES_BLOCK_SIZE) != 0) { - RTE_LOG(ERR, USER1, "Some of the buffer sizes are " - "not suitable for the algorithm selected\n"); - return -EINVAL; - } - - if (options->inc_buffer_size != 0) - buffer_size += options->inc_buffer_size; - else { - if (++buffer_size_idx == options->buffer_size_count) - break; - buffer_size = options->buffer_size_list[buffer_size_idx]; - } - - } - } - - if (options->cipher_algo == RTE_CRYPTO_CIPHER_DES_CBC || - options->cipher_algo == RTE_CRYPTO_CIPHER_3DES_CBC || - options->cipher_algo == RTE_CRYPTO_CIPHER_3DES_ECB) { - for (buffer_size = options->min_buffer_size; - buffer_size < options->max_buffer_size; - buffer_size += options->inc_buffer_size) { - if ((buffer_size % DES_BLOCK_SIZE) != 0) { - RTE_LOG(ERR, USER1, "Some of the buffer sizes are " - "not suitable for the algorithm selected\n"); - return -EINVAL; - } - } } return 0; @@ -914,23 +977,20 @@ cperf_options_dump(struct cperf_options *opts) if (opts->op_type == CPERF_AUTH_ONLY || opts->op_type == CPERF_CIPHER_THEN_AUTH || - opts->op_type == CPERF_AUTH_THEN_CIPHER || - opts->op_type == CPERF_AEAD) { + opts->op_type == CPERF_AUTH_THEN_CIPHER) { printf("# auth algorithm: %s\n", rte_crypto_auth_algorithm_strings[opts->auth_algo]); printf("# auth operation: %s\n", rte_crypto_auth_operation_strings[opts->auth_op]); printf("# auth key size: %u\n", opts->auth_key_sz); printf("# auth iv size: %u\n", opts->auth_iv_sz); - printf("# auth digest size: %u\n", opts->auth_digest_sz); - printf("# auth aad size: %u\n", opts->auth_aad_sz); + printf("# auth digest size: %u\n", opts->digest_sz); printf("#\n"); } if (opts->op_type == CPERF_CIPHER_ONLY || opts->op_type == CPERF_CIPHER_THEN_AUTH || - opts->op_type == CPERF_AUTH_THEN_CIPHER || - opts->op_type == CPERF_AEAD) { + opts->op_type == CPERF_AUTH_THEN_CIPHER) { printf("# cipher algorithm: %s\n", rte_crypto_cipher_algorithm_strings[opts->cipher_algo]); printf("# cipher operation: %s\n", @@ -939,4 +999,16 @@ cperf_options_dump(struct cperf_options *opts) printf("# cipher iv size: %u\n", opts->cipher_iv_sz); printf("#\n"); } + + if (opts->op_type == CPERF_AEAD) { + printf("# aead algorithm: %s\n", + rte_crypto_aead_algorithm_strings[opts->aead_algo]); + printf("# aead operation: %s\n", + rte_crypto_aead_operation_strings[opts->aead_op]); + printf("# aead key size: %u\n", opts->aead_key_sz); + printf("# aead iv size: %u\n", opts->aead_iv_sz); + printf("# aead digest size: %u\n", opts->digest_sz); + printf("# aead aad size: %u\n", opts->aead_aad_sz); + printf("#\n"); + } } diff --git a/app/test-crypto-perf/cperf_test_latency.c b/app/test-crypto-perf/cperf_test_latency.c index 9ac932a366..8841d396a0 100644 --- a/app/test-crypto-perf/cperf_test_latency.c +++ b/app/test-crypto-perf/cperf_test_latency.c @@ -167,14 +167,14 @@ cperf_mbuf_create(struct rte_mempool *mempool, if (options->op_type != CPERF_CIPHER_ONLY) { mbuf_data = (uint8_t *)rte_pktmbuf_append(mbuf, - options->auth_digest_sz); + options->digest_sz); if (mbuf_data == NULL) goto error; } if (options->op_type == CPERF_AEAD) { uint8_t *aead = (uint8_t *)rte_pktmbuf_prepend(mbuf, - RTE_ALIGN_CEIL(options->auth_aad_sz, 16)); + RTE_ALIGN_CEIL(options->aead_aad_sz, 16)); if (aead == NULL) goto error; @@ -229,7 +229,7 @@ cperf_latency_test_constructor(uint8_t dev_id, uint16_t qp_id, RTE_CACHE_LINE_ROUNDUP( (options->max_buffer_size / options->segments_nb) + (options->max_buffer_size % options->segments_nb) + - options->auth_digest_sz), + options->digest_sz), rte_socket_id()); if (ctx->pkt_mbuf_pool_in == NULL) @@ -259,7 +259,7 @@ cperf_latency_test_constructor(uint8_t dev_id, uint16_t qp_id, RTE_PKTMBUF_HEADROOM + RTE_CACHE_LINE_ROUNDUP( options->max_buffer_size + - options->auth_digest_sz), + options->digest_sz), rte_socket_id()); if (ctx->pkt_mbuf_pool_out == NULL) diff --git a/app/test-crypto-perf/cperf_test_throughput.c b/app/test-crypto-perf/cperf_test_throughput.c index f279bb1315..87fac0fb70 100644 --- a/app/test-crypto-perf/cperf_test_throughput.c +++ b/app/test-crypto-perf/cperf_test_throughput.c @@ -151,14 +151,14 @@ cperf_mbuf_create(struct rte_mempool *mempool, if (options->op_type != CPERF_CIPHER_ONLY) { mbuf_data = (uint8_t *)rte_pktmbuf_append(mbuf, - options->auth_digest_sz); + options->digest_sz); if (mbuf_data == NULL) goto error; } if (options->op_type == CPERF_AEAD) { uint8_t *aead = (uint8_t *)rte_pktmbuf_prepend(mbuf, - RTE_ALIGN_CEIL(options->auth_aad_sz, 16)); + RTE_ALIGN_CEIL(options->aead_aad_sz, 16)); if (aead == NULL) goto error; @@ -212,7 +212,7 @@ cperf_throughput_test_constructor(uint8_t dev_id, uint16_t qp_id, RTE_CACHE_LINE_ROUNDUP( (options->max_buffer_size / options->segments_nb) + (options->max_buffer_size % options->segments_nb) + - options->auth_digest_sz), + options->digest_sz), rte_socket_id()); if (ctx->pkt_mbuf_pool_in == NULL) @@ -240,7 +240,7 @@ cperf_throughput_test_constructor(uint8_t dev_id, uint16_t qp_id, RTE_PKTMBUF_HEADROOM + RTE_CACHE_LINE_ROUNDUP( options->max_buffer_size + - options->auth_digest_sz), + options->digest_sz), rte_socket_id()); if (ctx->pkt_mbuf_pool_out == NULL) diff --git a/app/test-crypto-perf/cperf_test_vector_parsing.c b/app/test-crypto-perf/cperf_test_vector_parsing.c index 68e55bb4f1..148a604142 100644 --- a/app/test-crypto-perf/cperf_test_vector_parsing.c +++ b/app/test-crypto-perf/cperf_test_vector_parsing.c @@ -394,12 +394,12 @@ parse_entry(char *entry, struct cperf_test_vector *vector, if (tc_found) vector->aad.length = data_length; else { - if (opts->auth_aad_sz > data_length) { + if (opts->aead_aad_sz > data_length) { printf("Global aad shorter than " - "auth_aad_sz\n"); + "aead_aad_sz\n"); return -1; } - vector->aad.length = opts->auth_aad_sz; + vector->aad.length = opts->aead_aad_sz; } } else if (strstr(key_token, "digest")) { @@ -410,12 +410,12 @@ parse_entry(char *entry, struct cperf_test_vector *vector, if (tc_found) vector->digest.length = data_length; else { - if (opts->auth_digest_sz > data_length) { + if (opts->digest_sz > data_length) { printf("Global digest shorter than " - "auth_digest_sz\n"); + "digest_sz\n"); return -1; } - vector->digest.length = opts->auth_digest_sz; + vector->digest.length = opts->digest_sz; } } else { printf("Not valid key: '%s'\n", trim_space(key_token)); diff --git a/app/test-crypto-perf/cperf_test_vectors.c b/app/test-crypto-perf/cperf_test_vectors.c index 1d10c865bc..e51dcc3f1f 100644 --- a/app/test-crypto-perf/cperf_test_vectors.c +++ b/app/test-crypto-perf/cperf_test_vectors.c @@ -417,6 +417,13 @@ uint8_t auth_key[] = { 0x78, 0x79, 0x7A, 0x7B, 0x7C, 0x7D, 0x7E, 0x7F }; +/* AEAD key */ +uint8_t aead_key[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, + 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F +}; + /* Digests */ uint8_t digest[2048] = { 0x00 }; @@ -435,8 +442,7 @@ cperf_test_vector_get_dummy(struct cperf_options *options) if (options->op_type == CPERF_CIPHER_ONLY || options->op_type == CPERF_CIPHER_THEN_AUTH || - options->op_type == CPERF_AUTH_THEN_CIPHER || - options->op_type == CPERF_AEAD) { + options->op_type == CPERF_AUTH_THEN_CIPHER) { if (options->cipher_algo == RTE_CRYPTO_CIPHER_NULL) { t_vec->cipher_key.length = 0; t_vec->ciphertext.data = plaintext; @@ -473,40 +479,32 @@ cperf_test_vector_get_dummy(struct cperf_options *options) if (options->op_type == CPERF_AUTH_ONLY || options->op_type == CPERF_CIPHER_THEN_AUTH || - options->op_type == CPERF_AUTH_THEN_CIPHER || - options->op_type == CPERF_AEAD) { - uint8_t aad_alloc = 0; - - t_vec->auth_key.length = options->auth_key_sz; - - switch (options->auth_algo) { - case RTE_CRYPTO_AUTH_NULL: - t_vec->auth_key.data = NULL; - aad_alloc = 0; - break; - case RTE_CRYPTO_AUTH_AES_GCM: + options->op_type == CPERF_AUTH_THEN_CIPHER) { + if (options->auth_algo == RTE_CRYPTO_AUTH_NULL) { + t_vec->auth_key.length = 0; t_vec->auth_key.data = NULL; - aad_alloc = 1; - break; - default: + t_vec->digest.data = NULL; + t_vec->digest.length = 0; + } else { + t_vec->auth_key.length = options->auth_key_sz; t_vec->auth_key.data = auth_key; - aad_alloc = 0; - break; - } - if (aad_alloc && options->auth_aad_sz) { - t_vec->aad.data = rte_malloc(NULL, - options->auth_aad_sz, 16); - if (t_vec->aad.data == NULL) { - if (options->op_type != CPERF_AUTH_ONLY) - rte_free(t_vec->cipher_iv.data); + t_vec->digest.data = rte_malloc(NULL, + options->digest_sz, + 16); + if (t_vec->digest.data == NULL) { + rte_free(t_vec->cipher_iv.data); rte_free(t_vec); return NULL; } - memcpy(t_vec->aad.data, aad, options->auth_aad_sz); - } else { - t_vec->aad.data = NULL; + t_vec->digest.phys_addr = + rte_malloc_virt2phy(t_vec->digest.data); + t_vec->digest.length = options->digest_sz; + memcpy(t_vec->digest.data, digest, + options->digest_sz); } + t_vec->data.auth_offset = 0; + t_vec->data.auth_length = options->max_buffer_size; /* Set IV parameters */ t_vec->auth_iv.data = rte_malloc(NULL, options->auth_iv_sz, @@ -519,26 +517,52 @@ cperf_test_vector_get_dummy(struct cperf_options *options) } memcpy(t_vec->auth_iv.data, iv, options->auth_iv_sz); t_vec->auth_iv.length = options->auth_iv_sz; + } - t_vec->aad.phys_addr = rte_malloc_virt2phy(t_vec->aad.data); - t_vec->aad.length = options->auth_aad_sz; - t_vec->digest.data = rte_malloc(NULL, options->auth_digest_sz, - 16); + if (options->op_type == CPERF_AEAD) { + t_vec->aead_key.length = options->aead_key_sz; + t_vec->aead_key.data = aead_key; + + if (options->aead_aad_sz) { + t_vec->aad.data = rte_malloc(NULL, + options->aead_aad_sz, 16); + if (t_vec->aad.data == NULL) { + rte_free(t_vec); + return NULL; + } + memcpy(t_vec->aad.data, aad, options->aead_aad_sz); + t_vec->aad.phys_addr = rte_malloc_virt2phy(t_vec->aad.data); + t_vec->aad.length = options->aead_aad_sz; + } else { + t_vec->aad.data = NULL; + t_vec->aad.length = 0; + } + + t_vec->digest.data = rte_malloc(NULL, options->digest_sz, + 16); if (t_vec->digest.data == NULL) { - if (options->op_type != CPERF_AUTH_ONLY) - rte_free(t_vec->cipher_iv.data); - rte_free(t_vec->auth_iv.data); rte_free(t_vec->aad.data); rte_free(t_vec); return NULL; } t_vec->digest.phys_addr = rte_malloc_virt2phy(t_vec->digest.data); - t_vec->digest.length = options->auth_digest_sz; - memcpy(t_vec->digest.data, digest, options->auth_digest_sz); - t_vec->data.auth_offset = 0; - t_vec->data.auth_length = options->max_buffer_size; - } + t_vec->digest.length = options->digest_sz; + memcpy(t_vec->digest.data, digest, options->digest_sz); + t_vec->data.aead_offset = 0; + t_vec->data.aead_length = options->max_buffer_size; + /* Set IV parameters */ + t_vec->aead_iv.data = rte_malloc(NULL, options->aead_iv_sz, + 16); + if (options->aead_iv_sz && t_vec->aead_iv.data == NULL) { + rte_free(t_vec->aad.data); + rte_free(t_vec->digest.data); + rte_free(t_vec); + return NULL; + } + memcpy(t_vec->aead_iv.data, iv, options->aead_iv_sz); + t_vec->aead_iv.length = options->aead_iv_sz; + } return t_vec; } diff --git a/app/test-crypto-perf/cperf_test_vectors.h b/app/test-crypto-perf/cperf_test_vectors.h index 7f9c4faa58..85955703cb 100644 --- a/app/test-crypto-perf/cperf_test_vectors.h +++ b/app/test-crypto-perf/cperf_test_vectors.h @@ -51,6 +51,11 @@ struct cperf_test_vector { uint16_t length; } auth_key; + struct { + uint8_t *data; + uint16_t length; + } aead_key; + struct { uint8_t *data; uint16_t length; @@ -61,6 +66,11 @@ struct cperf_test_vector { uint16_t length; } auth_iv; + struct { + uint8_t *data; + uint16_t length; + } aead_iv; + struct { uint8_t *data; uint32_t length; @@ -83,6 +93,8 @@ struct cperf_test_vector { uint32_t auth_length; uint32_t cipher_offset; uint32_t cipher_length; + uint32_t aead_offset; + uint32_t aead_length; } data; }; diff --git a/app/test-crypto-perf/cperf_test_verify.c b/app/test-crypto-perf/cperf_test_verify.c index 9b83d7a1d4..3ee056009d 100644 --- a/app/test-crypto-perf/cperf_test_verify.c +++ b/app/test-crypto-perf/cperf_test_verify.c @@ -155,14 +155,14 @@ cperf_mbuf_create(struct rte_mempool *mempool, if (options->op_type != CPERF_CIPHER_ONLY) { mbuf_data = (uint8_t *)rte_pktmbuf_append(mbuf, - options->auth_digest_sz); + options->digest_sz); if (mbuf_data == NULL) goto error; } if (options->op_type == CPERF_AEAD) { uint8_t *aead = (uint8_t *)rte_pktmbuf_prepend(mbuf, - RTE_ALIGN_CEIL(options->auth_aad_sz, 16)); + RTE_ALIGN_CEIL(options->aead_aad_sz, 16)); if (aead == NULL) goto error; @@ -216,7 +216,7 @@ cperf_verify_test_constructor(uint8_t dev_id, uint16_t qp_id, RTE_CACHE_LINE_ROUNDUP( (options->max_buffer_size / options->segments_nb) + (options->max_buffer_size % options->segments_nb) + - options->auth_digest_sz), + options->digest_sz), rte_socket_id()); if (ctx->pkt_mbuf_pool_in == NULL) @@ -244,7 +244,7 @@ cperf_verify_test_constructor(uint8_t dev_id, uint16_t qp_id, RTE_PKTMBUF_HEADROOM + RTE_CACHE_LINE_ROUNDUP( options->max_buffer_size + - options->auth_digest_sz), + options->digest_sz), rte_socket_id()); if (ctx->pkt_mbuf_pool_out == NULL) @@ -379,7 +379,7 @@ cperf_verify_op(struct rte_crypto_op *op, if (options->auth_op == RTE_CRYPTO_AUTH_OP_GENERATE) res += memcmp(data + auth_offset, vector->digest.data, - options->auth_digest_sz); + options->digest_sz); } return !!res; diff --git a/app/test-crypto-perf/main.c b/app/test-crypto-perf/main.c index 3f700961a5..4dea6d71cf 100644 --- a/app/test-crypto-perf/main.c +++ b/app/test-crypto-perf/main.c @@ -155,8 +155,7 @@ cperf_verify_devices_capabilities(struct cperf_options *opts, if (opts->op_type == CPERF_AUTH_ONLY || opts->op_type == CPERF_CIPHER_THEN_AUTH || - opts->op_type == CPERF_AUTH_THEN_CIPHER || - opts->op_type == CPERF_AEAD) { + opts->op_type == CPERF_AUTH_THEN_CIPHER) { cap_idx.type = RTE_CRYPTO_SYM_XFORM_AUTH; cap_idx.algo.auth = opts->auth_algo; @@ -169,8 +168,8 @@ cperf_verify_devices_capabilities(struct cperf_options *opts, ret = rte_cryptodev_sym_capability_check_auth( capability, opts->auth_key_sz, - opts->auth_digest_sz, - opts->auth_aad_sz, + opts->digest_sz, + 0, opts->auth_iv_sz); if (ret != 0) return ret; @@ -178,8 +177,7 @@ cperf_verify_devices_capabilities(struct cperf_options *opts, if (opts->op_type == CPERF_CIPHER_ONLY || opts->op_type == CPERF_CIPHER_THEN_AUTH || - opts->op_type == CPERF_AUTH_THEN_CIPHER || - opts->op_type == CPERF_AEAD) { + opts->op_type == CPERF_AUTH_THEN_CIPHER) { cap_idx.type = RTE_CRYPTO_SYM_XFORM_CIPHER; cap_idx.algo.cipher = opts->cipher_algo; @@ -196,6 +194,26 @@ cperf_verify_devices_capabilities(struct cperf_options *opts, if (ret != 0) return ret; } + + if (opts->op_type == CPERF_AEAD) { + + cap_idx.type = RTE_CRYPTO_SYM_XFORM_AEAD; + cap_idx.algo.aead = opts->aead_algo; + + capability = rte_cryptodev_sym_capability_get(cdev_id, + &cap_idx); + if (capability == NULL) + return -1; + + ret = rte_cryptodev_sym_capability_check_aead( + capability, + opts->aead_key_sz, + opts->digest_sz, + opts->aead_aad_sz, + opts->aead_iv_sz); + if (ret != 0) + return ret; + } } return 0; @@ -244,7 +262,7 @@ cperf_check_test_vector(struct cperf_options *opts, return -1; if (test_vec->digest.data == NULL) return -1; - if (test_vec->digest.length < opts->auth_digest_sz) + if (test_vec->digest.length < opts->digest_sz) return -1; } @@ -285,7 +303,7 @@ cperf_check_test_vector(struct cperf_options *opts, return -1; if (test_vec->digest.data == NULL) return -1; - if (test_vec->digest.length < opts->auth_digest_sz) + if (test_vec->digest.length < opts->digest_sz) return -1; } } else if (opts->op_type == CPERF_AEAD) { @@ -297,17 +315,17 @@ cperf_check_test_vector(struct cperf_options *opts, return -1; if (test_vec->ciphertext.length < opts->max_buffer_size) return -1; - if (test_vec->cipher_iv.data == NULL) + if (test_vec->aead_iv.data == NULL) return -1; - if (test_vec->cipher_iv.length != opts->cipher_iv_sz) + if (test_vec->aead_iv.length != opts->aead_iv_sz) return -1; if (test_vec->aad.data == NULL) return -1; - if (test_vec->aad.length != opts->auth_aad_sz) + if (test_vec->aad.length != opts->aead_aad_sz) return -1; if (test_vec->digest.data == NULL) return -1; - if (test_vec->digest.length < opts->auth_digest_sz) + if (test_vec->digest.length < opts->digest_sz) return -1; } return 0; diff --git a/doc/guides/tools/cryptoperf.rst b/doc/guides/tools/cryptoperf.rst index c0accfcebf..25b53dcd70 100644 --- a/doc/guides/tools/cryptoperf.rst +++ b/doc/guides/tools/cryptoperf.rst @@ -294,13 +294,37 @@ The following are the appication command-line options: Set the size of auth iv. -* ``--auth-digest-sz `` +* ``--aead-algo `` - Set the size of authentication digest. + Set AEAD algorithm name, where ``name`` is one + of the following:: + + aes-ccm + aes-gcm + +* ``--aead-op `` + + Set AEAD operation mode, where ``mode`` is one of + the following:: + + encrypt + decrypt + +* ``--aead-key-sz `` + + Set the size of AEAD key. + +* ``--aead-iv-sz `` + + Set the size of AEAD iv. + +* ``--aead-aad-sz `` + + Set the size of AEAD aad. -* ``--auth-aad-sz `` +* ``--digest-sz `` - Set the size of authentication aad. + Set the size of digest. * ``--csv-friendly`` @@ -375,7 +399,7 @@ one million operations, burst size 32, packet size 64:: dpdk-test-crypto-perf -l 6-7 --vdev crypto_aesni_mb_pmd -w 0000:00:00.0 -- --ptest throughput --devtype crypto_aesni_mb --optype cipher-then-auth --cipher-algo aes-cbc --cipher-op encrypt --cipher-key-sz 16 --auth-algo - sha1-hmac --auth-op generate --auth-key-sz 64 --auth-digest-sz 12 + sha1-hmac --auth-op generate --auth-key-sz 64 --digest-sz 12 --total-ops 10000000 --burst-sz 32 --buffer-sz 64 Call application for performance latency test of two Aesni MB PMD executed @@ -393,10 +417,9 @@ in silent mode, test vector provide in file "test_aes_gcm.data" with packet verification:: dpdk-test-crypto-perf -l 4-7 --vdev crypto_openssl -w 0000:00:00.0 -- - --devtype crypto_openssl --cipher-algo aes-gcm --cipher-key-sz 16 - --cipher-iv-sz 16 --cipher-op encrypt --auth-algo aes-gcm --auth-key-sz 16 - --auth-digest-sz 16 --auth-aad-sz 16 --auth-op generate --optype aead - --silent --ptest verify --total-ops 10 + --devtype crypto_openssl --aead-algo aes-gcm --aead-key-sz 16 + --aead-iv-sz 16 --aead-op encrypt --aead-aad-sz 16 --digest-sz 16 + --optype aead --silent --ptest verify --total-ops 10 --test-file test_aes_gcm.data Test vector file for cipher algorithm aes cbc 256 with authorization sha:: -- 2.20.1