summaryrefslogtreecommitdiff
path: root/doc/guides/tools/cryptoperf.rst
blob: 2fc65441dc98689a316024c15e1d4c0bcdc1e8c2 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
..  SPDX-License-Identifier: BSD-3-Clause
    Copyright(c) 2016 Intel Corporation.

dpdk-test-crypto-perf Application
=================================

The ``dpdk-test-crypto-perf`` tool is a Data Plane Development Kit (DPDK)
utility that allows measuring performance parameters of PMDs available in the
crypto tree. There are available two measurement types: throughput and latency.
User can use multiply cores to run tests on but only
one type of crypto PMD can be measured during single application
execution. Cipher parameters, type of device, type of operation and
chain mode have to be specified in the command line as application
parameters. These parameters are checked using device capabilities
structure.

Limitations
-----------
On hardware devices the cycle-count doesn't always represent the actual offload
cost. The cycle-count only represents the offload cost when the hardware
accelerator is not fully loaded, when loaded the cpu cycles freed up by the
offload are still consumed by the test tool and included in the cycle-count.
These cycles are consumed by retries and inefficient API calls enqueuing and
dequeuing smaller bursts than specified by the cmdline parameter. This results
in a larger cycle-count measurement and should not be interpreted as an offload
cost measurement. Using "pmd-cyclecount" mode will give a better idea of
actual costs of hardware acceleration.

On hardware devices the throughput measurement is not necessarily the maximum
possible for the device, e.g. it may be necessary to use multiple cores to keep
the hardware accelerator fully loaded and so measure maximum throughput.

Compiling the Application
-------------------------

**Step 1: PMD setting**

The ``dpdk-test-crypto-perf`` tool depends on crypto device drivers PMD which
are disabled by default in the build configuration file ``common_base``.
The crypto device drivers PMD which should be tested can be enabled by setting::

   CONFIG_RTE_LIBRTE_PMD_<name>=y

Setting example for open ssl PMD::

   CONFIG_RTE_LIBRTE_PMD_OPENSSL=y

**Step 2: Linearization setting**

It is possible linearized input segmented packets just before crypto operation
for devices which doesn't support scatter-gather, and allows to measure
performance also for this use case.

To set on the linearization options add below definition to the
``cperf_ops.h`` file::

   #define CPERF_LINEARIZATION_ENABLE

**Step 3: Build the application**

Execute the ``dpdk-setup.sh`` script to build the DPDK library together with the
``dpdk-test-crypto-perf`` application.

Initially, the user must select a DPDK target to choose the correct target type
and compiler options to use when building the libraries.
The user must have all libraries, modules, updates and compilers installed
in the system prior to this,
as described in the earlier chapters in this Getting Started Guide.

Running the Application
-----------------------

The tool application has a number of command line options:

.. code-block:: console

   dpdk-test-crypto-perf [EAL Options] -- [Application Options]

EAL Options
~~~~~~~~~~~

The following are the EAL command-line options that can be used in conjunction
with the ``dpdk-test-crypto-perf`` application.
See the DPDK Getting Started Guides for more information on these options.

*   ``-c <COREMASK>`` or ``-l <CORELIST>``

        Set the hexadecimal bitmask of the cores to run on. The corelist is a
        list cores to use.

*   ``-w <PCI>``

        Add a PCI device in white list.

*   ``--vdev <driver><id>``

        Add a virtual device.

Application Options
~~~~~~~~~~~~~~~~~~~

The following are the application command-line options:

* ``--ptest type``

        Set test type, where ``type`` is one of the following::

           throughput
           latency
           verify
           pmd-cyclecount

* ``--silent``

        Disable options dump.

* ``--pool-sz <n>``

        Set the number of mbufs to be allocated in the mbuf pool.

* ``--total-ops <n>``

        Set the number of total operations performed.

* ``--burst-sz <n>``

        Set the number of packets per burst.

        This can be set as:
          * Single value (i.e. ``--burst-sz 16``)
          * Range of values, using the following structure ``min:inc:max``,
            where ``min`` is minimum size, ``inc`` is the increment size and ``max``
            is the maximum size (i.e. ``--burst-sz 16:2:32``)
          * List of values, up to 32 values, separated in commas (i.e. ``--burst-sz 16,24,32``)

* ``--buffer-sz <n>``

        Set the size of single packet (plaintext or ciphertext in it).

        This can be set as:
          * Single value (i.e. ``--buffer-sz 16``)
          * Range of values, using the following structure ``min:inc:max``,
            where ``min`` is minimum size, ``inc`` is the increment size and ``max``
            is the maximum size (i.e. ``--buffer-sz 16:2:32``)
          * List of values, up to 32 values, separated in commas (i.e. ``--buffer-sz 32,64,128``)

* ``--imix <n>``

        Set the distribution of packet sizes.

        A list of weights must be passed, containing the same number of items than buffer-sz,
        so each item in this list will be the weight of the packet size on the same position
        in the buffer-sz parameter (a list have to be passed in that parameter).

        Example:

        To test a distribution of 20% packets of 64 bytes, 40% packets of 100 bytes and 40% packets
        of 256 bytes, the command line would be: ``--buffer-sz 64,100,256 --imix 20,40,40``.
        Note that the weights do not have to be percentages, so using ``--imix 1,2,2`` would result
        in the same distribution

* ``--segment-sz <n>``

        Set the size of the segment to use, for Scatter Gather List testing.
        By default, it is set to the size of the maximum buffer size, including the digest size,
        so a single segment is created.

* ``--devtype <name>``

        Set device type, where ``name`` is one of the following::

           crypto_null
           crypto_aesni_mb
           crypto_aesni_gcm
           crypto_openssl
           crypto_qat
           crypto_snow3g
           crypto_kasumi
           crypto_zuc
           crypto_dpaa_sec
           crypto_dpaa2_sec
           crypto_armv8
           crypto_scheduler
           crypto_mvsam

* ``--optype <name>``

        Set operation type, where ``name`` is one of the following::

           cipher-only
           auth-only
           cipher-then-auth
           auth-then-cipher
           aead

        For GCM/CCM algorithms you should use aead flag.

* ``--sessionless``

        Enable session-less crypto operations mode.

* ``--out-of-place``

        Enable out-of-place crypto operations mode.

* ``--test-file <name>``

        Set test vector file path. See the Test Vector File chapter.

* ``--test-name <name>``

        Set specific test name section in the test vector file.

* ``--cipher-algo <name>``

        Set cipher algorithm name, where ``name`` is one of the following::

           3des-cbc
           3des-ecb
           3des-ctr
           aes-cbc
           aes-ctr
           aes-ecb
           aes-f8
           aes-xts
           arc4
           null
           kasumi-f8
           snow3g-uea2
           zuc-eea3

* ``--cipher-op <mode>``

        Set cipher operation mode, where ``mode`` is one of the following::

           encrypt
           decrypt

* ``--cipher-key-sz <n>``

        Set the size of cipher key.

* ``--cipher-iv-sz <n>``

        Set the size of cipher iv.

* ``--auth-algo <name>``

        Set authentication algorithm name, where ``name`` is one
        of the following::

           3des-cbc
           aes-cbc-mac
           aes-cmac
           aes-gmac
           aes-xcbc-mac
           md5
           md5-hmac
           sha1
           sha1-hmac
           sha2-224
           sha2-224-hmac
           sha2-256
           sha2-256-hmac
           sha2-384
           sha2-384-hmac
           sha2-512
           sha2-512-hmac
           kasumi-f9
           snow3g-uia2
           zuc-eia3

* ``--auth-op <mode>``

        Set authentication operation mode, where ``mode`` is one of
        the following::

           verify
           generate

* ``--auth-key-sz <n>``

        Set the size of authentication key.

* ``--auth-iv-sz <n>``

        Set the size of auth iv.

* ``--aead-algo <name>``

        Set AEAD algorithm name, where ``name`` is one
        of the following::

           aes-ccm
           aes-gcm

* ``--aead-op <mode>``

        Set AEAD operation mode, where ``mode`` is one of
        the following::

           encrypt
           decrypt

* ``--aead-key-sz <n>``

        Set the size of AEAD key.

* ``--aead-iv-sz <n>``

        Set the size of AEAD iv.

* ``--aead-aad-sz <n>``

        Set the size of AEAD aad.

* ``--digest-sz <n>``

        Set the size of digest.

* ``--desc-nb <n>``

        Set number of descriptors for each crypto device.

* ``--pmd-cyclecount-delay-ms <n>``

        Add a delay (in milliseconds) between enqueue and dequeue in
        pmd-cyclecount benchmarking mode (useful when benchmarking
        hardware acceleration).

* ``--csv-friendly``

        Enable test result output CSV friendly rather than human friendly.

Test Vector File
~~~~~~~~~~~~~~~~

The test vector file is a text file contain information about test vectors.
The file is made of the sections. The first section doesn't have header.
It contain global information used in each test variant vectors -
typically information about plaintext, ciphertext, cipher key, auth key,
initial vector. All other sections begin header.
The sections contain particular information typically digest.

**Format of the file:**

Each line beginning with sign '#' contain comment and it is ignored by parser::

   # <comment>

Header line is just name in square bracket::

   [<section name>]

Data line contain information token then sign '=' and
a string of bytes in C byte array format::

   <token> = <C byte array>

**Tokens list:**

* ``plaintext``

        Original plaintext to be encrypted.

* ``ciphertext``

        Encrypted plaintext string.

* ``cipher_key``

        Key used in cipher operation.

* ``auth_key``

        Key used in auth operation.

* ``cipher_iv``

        Cipher Initial Vector.

* ``auth_iv``

        Auth Initial Vector.

* ``aad``

        Additional data.

* ``digest``

        Digest string.

Examples
--------

Call application for performance throughput test of single Aesni MB PMD
for cipher encryption aes-cbc and auth generation sha1-hmac,
one million operations, burst size 32, packet size 64::

   dpdk-test-crypto-perf -l 6-7 --vdev crypto_aesni_mb -w 0000:00:00.0 --
   --ptest throughput --devtype crypto_aesni_mb --optype cipher-then-auth
   --cipher-algo aes-cbc --cipher-op encrypt --cipher-key-sz 16 --auth-algo
   sha1-hmac --auth-op generate --auth-key-sz 64 --digest-sz 12
   --total-ops 10000000 --burst-sz 32 --buffer-sz 64

Call application for performance latency test of two Aesni MB PMD executed
on two cores for cipher encryption aes-cbc, ten operations in silent mode::

   dpdk-test-crypto-perf -l 4-7 --vdev crypto_aesni_mb1
   --vdev crypto_aesni_mb2 -w 0000:00:00.0 -- --devtype crypto_aesni_mb
   --cipher-algo aes-cbc --cipher-key-sz 16 --cipher-iv-sz 16
   --cipher-op encrypt --optype cipher-only --silent
   --ptest latency --total-ops 10

Call application for verification test of single open ssl PMD
for cipher encryption aes-gcm and auth generation aes-gcm,ten operations
in silent mode, test vector provide in file "test_aes_gcm.data"
with packet verification::

   dpdk-test-crypto-perf -l 4-7 --vdev crypto_openssl -w 0000:00:00.0 --
   --devtype crypto_openssl --aead-algo aes-gcm --aead-key-sz 16
   --aead-iv-sz 16 --aead-op encrypt --aead-aad-sz 16 --digest-sz 16
   --optype aead --silent --ptest verify --total-ops 10
   --test-file test_aes_gcm.data

Test vector file for cipher algorithm aes cbc 256 with authorization sha::

   # Global Section
   plaintext =
   0xff, 0xca, 0xfb, 0xf1, 0x38, 0x20, 0x2f, 0x7b, 0x24, 0x98, 0x26, 0x7d, 0x1d, 0x9f, 0xb3, 0x93,
   0xd9, 0xef, 0xbd, 0xad, 0x4e, 0x40, 0xbd, 0x60, 0xe9, 0x48, 0x59, 0x90, 0x67, 0xd7, 0x2b, 0x7b,
   0x8a, 0xe0, 0x4d, 0xb0, 0x70, 0x38, 0xcc, 0x48, 0x61, 0x7d, 0xee, 0xd6, 0x35, 0x49, 0xae, 0xb4,
   0xaf, 0x6b, 0xdd, 0xe6, 0x21, 0xc0, 0x60, 0xce, 0x0a, 0xf4, 0x1c, 0x2e, 0x1c, 0x8d, 0xe8, 0x7b
   ciphertext =
   0x77, 0xF9, 0xF7, 0x7A, 0xA3, 0xCB, 0x68, 0x1A, 0x11, 0x70, 0xD8, 0x7A, 0xB6, 0xE2, 0x37, 0x7E,
   0xD1, 0x57, 0x1C, 0x8E, 0x85, 0xD8, 0x08, 0xBF, 0x57, 0x1F, 0x21, 0x6C, 0xAD, 0xAD, 0x47, 0x1E,
   0x0D, 0x6B, 0x79, 0x39, 0x15, 0x4E, 0x5B, 0x59, 0x2D, 0x76, 0x87, 0xA6, 0xD6, 0x47, 0x8F, 0x82,
   0xB8, 0x51, 0x91, 0x32, 0x60, 0xCB, 0x97, 0xDE, 0xBE, 0xF0, 0xAD, 0xFC, 0x23, 0x2E, 0x22, 0x02
   cipher_key =
   0xE4, 0x23, 0x33, 0x8A, 0x35, 0x64, 0x61, 0xE2, 0x49, 0x03, 0xDD, 0xC6, 0xB8, 0xCA, 0x55, 0x7A,
   0xd0, 0xe7, 0x4b, 0xfb, 0x5d, 0xe5, 0x0c, 0xe7, 0x6f, 0x21, 0xb5, 0x52, 0x2a, 0xbb, 0xc7, 0xf7
   auth_key =
   0xaf, 0x96, 0x42, 0xf1, 0x8c, 0x50, 0xdc, 0x67, 0x1a, 0x43, 0x47, 0x62, 0xc7, 0x04, 0xab, 0x05,
   0xf5, 0x0c, 0xe7, 0xa2, 0xa6, 0x23, 0xd5, 0x3d, 0x95, 0xd8, 0xcd, 0x86, 0x79, 0xf5, 0x01, 0x47,
   0x4f, 0xf9, 0x1d, 0x9d, 0x36, 0xf7, 0x68, 0x1a, 0x64, 0x44, 0x58, 0x5d, 0xe5, 0x81, 0x15, 0x2a,
   0x41, 0xe4, 0x0e, 0xaa, 0x1f, 0x04, 0x21, 0xff, 0x2c, 0xf3, 0x73, 0x2b, 0x48, 0x1e, 0xd2, 0xf7
   cipher_iv =
   0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
   # Section sha 1 hmac buff 32
   [sha1_hmac_buff_32]
   digest =
   0x36, 0xCA, 0x49, 0x6A, 0xE3, 0x54, 0xD8, 0x4F, 0x0B, 0x76, 0xD8, 0xAA, 0x78, 0xEB, 0x9D, 0x65,
   0x2C, 0xCA, 0x1F, 0x97
   # Section sha 256 hmac buff 32
   [sha256_hmac_buff_32]
   digest =
   0x1C, 0xB2, 0x3D, 0xD1, 0xF9, 0xC7, 0x6C, 0x49, 0x2E, 0xDA, 0x94, 0x8B, 0xF1, 0xCF, 0x96, 0x43,
   0x67, 0x50, 0x39, 0x76, 0xB5, 0xA1, 0xCE, 0xA1, 0xD7, 0x77, 0x10, 0x07, 0x43, 0x37, 0x05, 0xB4