1.. BSD LICENSE 2 Copyright(c) 2016 Intel Corporation. All rights reserved. 3 All rights reserved. 4 5 Redistribution and use in source and binary forms, with or without 6 modification, are permitted provided that the following conditions 7 are met: 8 9 * Redistributions of source code must retain the above copyright 10 notice, this list of conditions and the following disclaimer. 11 * Redistributions in binary form must reproduce the above copyright 12 notice, this list of conditions and the following disclaimer in 13 the documentation and/or other materials provided with the 14 distribution. 15 * Neither the name of Intel Corporation nor the names of its 16 contributors may be used to endorse or promote products derived 17 from this software without specific prior written permission. 18 19 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 20 "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 21 LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 22 A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 23 OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 24 SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 25 LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 26 DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 27 THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 28 (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 29 OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 30 31dpdk-test-crypto-perf Application 32================================= 33 34The ``dpdk-test-crypto-perf`` tool is a Data Plane Development Kit (DPDK) 35utility that allows measuring performance parameters of PMDs available in the 36crypto tree. There are available two measurement types: throughput and latency. 37User can use multiply cores to run tests on but only 38one type of crypto PMD can be measured during single application 39execution. Cipher parameters, type of device, type of operation and 40chain mode have to be specified in the command line as application 41parameters. These parameters are checked using device capabilities 42structure. 43 44Limitations 45----------- 46On hardware devices the cycle-count doesn't always represent the actual offload 47cost. The cycle-count only represents the offload cost when the hardware 48accelerator is not fully loaded, when loaded the cpu cycles freed up by the 49offload are still consumed by the test tool and included in the cycle-count. 50These cycles are consumed by retries and inefficient API calls enqueuing and 51dequeuing smaller bursts than specified by the cmdline parameter. This results 52in a larger cycle-count measurement and should not be interpreted as an offload 53cost measurement. Using "pmd-cyclecount" mode will give a better idea of 54actual costs of hardware acceleration. 55 56On hardware devices the throughput measurement is not necessarily the maximum 57possible for the device, e.g. it may be necessary to use multiple cores to keep 58the hardware accelerator fully loaded and so measure maximum throughput. 59 60Compiling the Application 61------------------------- 62 63**Step 1: PMD setting** 64 65The ``dpdk-test-crypto-perf`` tool depends on crypto device drivers PMD which 66are disabled by default in the build configuration file ``common_base``. 67The crypto device drivers PMD which should be tested can be enabled by setting:: 68 69 CONFIG_RTE_LIBRTE_PMD_<name>=y 70 71Setting example for open ssl PMD:: 72 73 CONFIG_RTE_LIBRTE_PMD_OPENSSL=y 74 75**Step 2: Linearization setting** 76 77It is possible linearized input segmented packets just before crypto operation 78for devices which doesn't support scatter-gather, and allows to measure 79performance also for this use case. 80 81To set on the linearization options add below definition to the 82``cperf_ops.h`` file:: 83 84 #define CPERF_LINEARIZATION_ENABLE 85 86**Step 3: Build the application** 87 88Execute the ``dpdk-setup.sh`` script to build the DPDK library together with the 89``dpdk-test-crypto-perf`` applcation. 90 91Initially, the user must select a DPDK target to choose the correct target type 92and compiler options to use when building the libraries. 93The user must have all libraries, modules, updates and compilers installed 94in the system prior to this, 95as described in the earlier chapters in this Getting Started Guide. 96 97Running the Application 98----------------------- 99 100The tool application has a number of command line options: 101 102.. code-block:: console 103 104 dpdk-test-crypto-perf [EAL Options] -- [Application Options] 105 106EAL Options 107~~~~~~~~~~~ 108 109The following are the EAL command-line options that can be used in conjunction 110with the ``dpdk-test-crypto-perf`` applcation. 111See the DPDK Getting Started Guides for more information on these options. 112 113* ``-c <COREMASK>`` or ``-l <CORELIST>`` 114 115 Set the hexadecimal bitmask of the cores to run on. The corelist is a 116 list cores to use. 117 118* ``-w <PCI>`` 119 120 Add a PCI device in white list. 121 122* ``--vdev <driver><id>`` 123 124 Add a virtual device. 125 126Appication Options 127~~~~~~~~~~~~~~~~~~ 128 129The following are the appication command-line options: 130 131* ``--ptest type`` 132 133 Set test type, where ``type`` is one of the following:: 134 135 throughput 136 latency 137 verify 138 pmd-cyclecount 139 140* ``--silent`` 141 142 Disable options dump. 143 144* ``--pool-sz <n>`` 145 146 Set the number of mbufs to be allocated in the mbuf pool. 147 148* ``--total-ops <n>`` 149 150 Set the number of total operations performed. 151 152* ``--burst-sz <n>`` 153 154 Set the number of packets per burst. 155 156 This can be set as: 157 * Single value (i.e. ``--burst-sz 16``) 158 * Range of values, using the following structure ``min:inc:max``, 159 where ``min`` is minimum size, ``inc`` is the increment size and ``max`` 160 is the maximum size (i.e. ``--burst-sz 16:2:32``) 161 * List of values, up to 32 values, separated in commas (i.e. ``--burst-sz 16,24,32``) 162 163* ``--buffer-sz <n>`` 164 165 Set the size of single packet (plaintext or ciphertext in it). 166 167 This can be set as: 168 * Single value (i.e. ``--buffer-sz 16``) 169 * Range of values, using the following structure ``min:inc:max``, 170 where ``min`` is minimum size, ``inc`` is the increment size and ``max`` 171 is the maximum size (i.e. ``--buffer-sz 16:2:32``) 172 * List of values, up to 32 values, separated in commas (i.e. ``--buffer-sz 32,64,128``) 173 174* ``--imix <n>`` 175 176 Set the distribution of packet sizes. 177 178 A list of weights must be passed, containing the same number of items than buffer-sz, 179 so each item in this list will be the weight of the packet size on the same position 180 in the buffer-sz parameter (a list have to be passed in that parameter). 181 182 Example: 183 184 To test a distribution of 20% packets of 64 bytes, 40% packets of 100 bytes and 40% packets 185 of 256 bytes, the command line would be: ``--buffer-sz 64,100,256 --imix 20,40,40``. 186 Note that the weights do not have to be percentages, so using ``--imix 1,2,2`` would result 187 in the same distribution 188 189* ``--segment-sz <n>`` 190 191 Set the size of the segment to use, for Scatter Gather List testing. 192 By default, it is set to the size of the maximum buffer size, including the digest size, 193 so a single segment is created. 194 195* ``--devtype <name>`` 196 197 Set device type, where ``name`` is one of the following:: 198 199 crypto_null 200 crypto_aesni_mb 201 crypto_aesni_gcm 202 crypto_openssl 203 crypto_qat 204 crypto_snow3g 205 crypto_kasumi 206 crypto_zuc 207 crypto_dpaa_sec 208 crypto_dpaa2_sec 209 crypto_armv8 210 crypto_scheduler 211 crypto_mrvl 212 213* ``--optype <name>`` 214 215 Set operation type, where ``name`` is one of the following:: 216 217 cipher-only 218 auth-only 219 cipher-then-auth 220 auth-then-cipher 221 aead 222 223 For GCM/CCM algorithms you should use aead flag. 224 225* ``--sessionless`` 226 227 Enable session-less crypto operations mode. 228 229* ``--out-of-place`` 230 231 Enable out-of-place crypto operations mode. 232 233* ``--test-file <name>`` 234 235 Set test vector file path. See the Test Vector File chapter. 236 237* ``--test-name <name>`` 238 239 Set specific test name section in the test vector file. 240 241* ``--cipher-algo <name>`` 242 243 Set cipher algorithm name, where ``name`` is one of the following:: 244 245 3des-cbc 246 3des-ecb 247 3des-ctr 248 aes-cbc 249 aes-ctr 250 aes-ecb 251 aes-f8 252 aes-xts 253 arc4 254 null 255 kasumi-f8 256 snow3g-uea2 257 zuc-eea3 258 259* ``--cipher-op <mode>`` 260 261 Set cipher operation mode, where ``mode`` is one of the following:: 262 263 encrypt 264 decrypt 265 266* ``--cipher-key-sz <n>`` 267 268 Set the size of cipher key. 269 270* ``--cipher-iv-sz <n>`` 271 272 Set the size of cipher iv. 273 274* ``--auth-algo <name>`` 275 276 Set authentication algorithm name, where ``name`` is one 277 of the following:: 278 279 3des-cbc 280 aes-cbc-mac 281 aes-cmac 282 aes-gmac 283 aes-xcbc-mac 284 md5 285 md5-hmac 286 sha1 287 sha1-hmac 288 sha2-224 289 sha2-224-hmac 290 sha2-256 291 sha2-256-hmac 292 sha2-384 293 sha2-384-hmac 294 sha2-512 295 sha2-512-hmac 296 kasumi-f9 297 snow3g-uia2 298 zuc-eia3 299 300* ``--auth-op <mode>`` 301 302 Set authentication operation mode, where ``mode`` is one of 303 the following:: 304 305 verify 306 generate 307 308* ``--auth-key-sz <n>`` 309 310 Set the size of authentication key. 311 312* ``--auth-iv-sz <n>`` 313 314 Set the size of auth iv. 315 316* ``--aead-algo <name>`` 317 318 Set AEAD algorithm name, where ``name`` is one 319 of the following:: 320 321 aes-ccm 322 aes-gcm 323 324* ``--aead-op <mode>`` 325 326 Set AEAD operation mode, where ``mode`` is one of 327 the following:: 328 329 encrypt 330 decrypt 331 332* ``--aead-key-sz <n>`` 333 334 Set the size of AEAD key. 335 336* ``--aead-iv-sz <n>`` 337 338 Set the size of AEAD iv. 339 340* ``--aead-aad-sz <n>`` 341 342 Set the size of AEAD aad. 343 344* ``--digest-sz <n>`` 345 346 Set the size of digest. 347 348* ``--desc-nb <n>`` 349 350 Set number of descriptors for each crypto device. 351 352* ``--pmd-cyclecount-delay-ms <n>`` 353 354 Add a delay (in milliseconds) between enqueue and dequeue in 355 pmd-cyclecount benchmarking mode (useful when benchmarking 356 hardware acceleration). 357 358* ``--csv-friendly`` 359 360 Enable test result output CSV friendly rather than human friendly. 361 362Test Vector File 363~~~~~~~~~~~~~~~~ 364 365The test vector file is a text file contain information about test vectors. 366The file is made of the sections. The first section doesn't have header. 367It contain global information used in each test variant vectors - 368typically information about plaintext, ciphertext, cipher key, aut key, 369initial vector. All other sections begin header. 370The sections contain particular information typically digest. 371 372**Format of the file:** 373 374Each line beginig with sign '#' contain comment and it is ignored by parser:: 375 376 # <comment> 377 378Header line is just name in square bracket:: 379 380 [<section name>] 381 382Data line contain information tocken then sign '=' and 383a string of bytes in C byte array format:: 384 385 <tocken> = <C byte array> 386 387**Tockens list:** 388 389* ``plaintext`` 390 391 Original plaintext to be crypted. 392 393* ``ciphertext`` 394 395 Encrypted plaintext string. 396 397* ``cipher_key`` 398 399 Key used in cipher operation. 400 401* ``auth_key`` 402 403 Key used in auth operation. 404 405* ``cipher_iv`` 406 407 Cipher Initial Vector. 408 409* ``auth_iv`` 410 411 Auth Initial Vector. 412 413* ``aad`` 414 415 Additional data. 416 417* ``digest`` 418 419 Digest string. 420 421Examples 422-------- 423 424Call application for performance throughput test of single Aesni MB PMD 425for cipher encryption aes-cbc and auth generation sha1-hmac, 426one million operations, burst size 32, packet size 64:: 427 428 dpdk-test-crypto-perf -l 6-7 --vdev crypto_aesni_mb -w 0000:00:00.0 -- 429 --ptest throughput --devtype crypto_aesni_mb --optype cipher-then-auth 430 --cipher-algo aes-cbc --cipher-op encrypt --cipher-key-sz 16 --auth-algo 431 sha1-hmac --auth-op generate --auth-key-sz 64 --digest-sz 12 432 --total-ops 10000000 --burst-sz 32 --buffer-sz 64 433 434Call application for performance latency test of two Aesni MB PMD executed 435on two cores for cipher encryption aes-cbc, ten operations in silent mode:: 436 437 dpdk-test-crypto-perf -l 4-7 --vdev crypto_aesni_mb1 438 --vdev crypto_aesni_mb2 -w 0000:00:00.0 -- --devtype crypto_aesni_mb 439 --cipher-algo aes-cbc --cipher-key-sz 16 --cipher-iv-sz 16 440 --cipher-op encrypt --optype cipher-only --silent 441 --ptest latency --total-ops 10 442 443Call application for verification test of single open ssl PMD 444for cipher encryption aes-gcm and auth generation aes-gcm,ten operations 445in silent mode, test vector provide in file "test_aes_gcm.data" 446with packet verification:: 447 448 dpdk-test-crypto-perf -l 4-7 --vdev crypto_openssl -w 0000:00:00.0 -- 449 --devtype crypto_openssl --aead-algo aes-gcm --aead-key-sz 16 450 --aead-iv-sz 16 --aead-op encrypt --aead-aad-sz 16 --digest-sz 16 451 --optype aead --silent --ptest verify --total-ops 10 452 --test-file test_aes_gcm.data 453 454Test vector file for cipher algorithm aes cbc 256 with authorization sha:: 455 456 # Global Section 457 plaintext = 458 0xff, 0xca, 0xfb, 0xf1, 0x38, 0x20, 0x2f, 0x7b, 0x24, 0x98, 0x26, 0x7d, 0x1d, 0x9f, 0xb3, 0x93, 459 0xd9, 0xef, 0xbd, 0xad, 0x4e, 0x40, 0xbd, 0x60, 0xe9, 0x48, 0x59, 0x90, 0x67, 0xd7, 0x2b, 0x7b, 460 0x8a, 0xe0, 0x4d, 0xb0, 0x70, 0x38, 0xcc, 0x48, 0x61, 0x7d, 0xee, 0xd6, 0x35, 0x49, 0xae, 0xb4, 461 0xaf, 0x6b, 0xdd, 0xe6, 0x21, 0xc0, 0x60, 0xce, 0x0a, 0xf4, 0x1c, 0x2e, 0x1c, 0x8d, 0xe8, 0x7b 462 ciphertext = 463 0x77, 0xF9, 0xF7, 0x7A, 0xA3, 0xCB, 0x68, 0x1A, 0x11, 0x70, 0xD8, 0x7A, 0xB6, 0xE2, 0x37, 0x7E, 464 0xD1, 0x57, 0x1C, 0x8E, 0x85, 0xD8, 0x08, 0xBF, 0x57, 0x1F, 0x21, 0x6C, 0xAD, 0xAD, 0x47, 0x1E, 465 0x0D, 0x6B, 0x79, 0x39, 0x15, 0x4E, 0x5B, 0x59, 0x2D, 0x76, 0x87, 0xA6, 0xD6, 0x47, 0x8F, 0x82, 466 0xB8, 0x51, 0x91, 0x32, 0x60, 0xCB, 0x97, 0xDE, 0xBE, 0xF0, 0xAD, 0xFC, 0x23, 0x2E, 0x22, 0x02 467 cipher_key = 468 0xE4, 0x23, 0x33, 0x8A, 0x35, 0x64, 0x61, 0xE2, 0x49, 0x03, 0xDD, 0xC6, 0xB8, 0xCA, 0x55, 0x7A, 469 0xd0, 0xe7, 0x4b, 0xfb, 0x5d, 0xe5, 0x0c, 0xe7, 0x6f, 0x21, 0xb5, 0x52, 0x2a, 0xbb, 0xc7, 0xf7 470 auth_key = 471 0xaf, 0x96, 0x42, 0xf1, 0x8c, 0x50, 0xdc, 0x67, 0x1a, 0x43, 0x47, 0x62, 0xc7, 0x04, 0xab, 0x05, 472 0xf5, 0x0c, 0xe7, 0xa2, 0xa6, 0x23, 0xd5, 0x3d, 0x95, 0xd8, 0xcd, 0x86, 0x79, 0xf5, 0x01, 0x47, 473 0x4f, 0xf9, 0x1d, 0x9d, 0x36, 0xf7, 0x68, 0x1a, 0x64, 0x44, 0x58, 0x5d, 0xe5, 0x81, 0x15, 0x2a, 474 0x41, 0xe4, 0x0e, 0xaa, 0x1f, 0x04, 0x21, 0xff, 0x2c, 0xf3, 0x73, 0x2b, 0x48, 0x1e, 0xd2, 0xf7 475 cipher_iv = 476 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F 477 # Section sha 1 hmac buff 32 478 [sha1_hmac_buff_32] 479 digest = 480 0x36, 0xCA, 0x49, 0x6A, 0xE3, 0x54, 0xD8, 0x4F, 0x0B, 0x76, 0xD8, 0xAA, 0x78, 0xEB, 0x9D, 0x65, 481 0x2C, 0xCA, 0x1F, 0x97 482 # Section sha 256 hmac buff 32 483 [sha256_hmac_buff_32] 484 digest = 485 0x1C, 0xB2, 0x3D, 0xD1, 0xF9, 0xC7, 0x6C, 0x49, 0x2E, 0xDA, 0x94, 0x8B, 0xF1, 0xCF, 0x96, 0x43, 486 0x67, 0x50, 0x39, 0x76, 0xB5, 0xA1, 0xCE, 0xA1, 0xD7, 0x77, 0x10, 0x07, 0x43, 0x37, 0x05, 0xB4 487