From patchwork Thu Dec 7 13:02:03 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 134913 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id B343043699; Thu, 7 Dec 2023 14:02:31 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 7F46142EF4; Thu, 7 Dec 2023 14:02:27 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id C8FC242EF1 for ; Thu, 7 Dec 2023 14:02:25 +0100 (CET) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 3B76LnVn016466; Thu, 7 Dec 2023 05:02:25 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=cn3d8h7Vp+rBBgcCRgrjSgfRqqhsdqIQIVT9og//Byo=; b=d0Fcx7zyej7MAAMpb/qTF+4Zd1xk85qGvTO/W/2ydQR5j8JHdYD2jM2QuAI2zKlObgG4 oCVeGQ8RKxQD2wXhW7SSxvu9ztIbzQRgmHJ5hQNBd32h5xPFHuz7z3B1MdPo0JrAQyoR mIwPLOYjDVwAXHiZs8Up1cS1ECaU2QQf3pC23mtWMJW/S8z4PnK2HwSddhIQlfiwuMwQ gsN80P3q8RC/yRVIwfgZgxkWBAkMurmqSARllqU70dOxix0wm6GPO8pDg202EbVMfrU+ n830tJMiHyfkRZnKBLeUHoclWsLU6aaDAnwCk8hN83wcs8k9pAd5PsY0GtvjfxyhiYGE 4A== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3uu8qe98j4-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Thu, 07 Dec 2023 05:02:24 -0800 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.48; Thu, 7 Dec 2023 05:02:23 -0800 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.48 via Frontend Transport; Thu, 7 Dec 2023 05:02:23 -0800 Received: from BG-LT92004.corp.innovium.com (unknown [10.28.163.189]) by maili.marvell.com (Postfix) with ESMTP id 5FDAA3F7051; Thu, 7 Dec 2023 05:02:20 -0800 (PST) From: Anoob Joseph To: Akhil Goyal , Jerin Jacob CC: Harry van Haaren , Hemant Agrawal , Konstantin Ananyev , , Vidya Sagar Velumuri Subject: [PATCH 01/14] test/crypto: move security caps checks to separate file Date: Thu, 7 Dec 2023 18:32:03 +0530 Message-ID: <20231207130216.140-2-anoobj@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20231207130216.140-1-anoobj@marvell.com> References: <20231207130216.140-1-anoobj@marvell.com> MIME-Version: 1.0 X-Proofpoint-GUID: Z6Ju6yZSRAr_8mVGBpkfUI1uvCHuQHer X-Proofpoint-ORIG-GUID: Z6Ju6yZSRAr_8mVGBpkfUI1uvCHuQHer X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.997,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2023-12-07_10,2023-12-07_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Move routines performing security caps verifications to a separate file to allow the usage of same for other protocol tests such as TLS record. Signed-off-by: Anoob Joseph Signed-off-by: Vidya Sagar Velumuri --- app/test-security-perf/meson.build | 1 + app/test-security-perf/test_security_perf.c | 17 ++--- app/test/meson.build | 1 + app/test/test_cryptodev.c | 17 ++--- app/test/test_cryptodev_security_ipsec.c | 78 ------------------- app/test/test_cryptodev_security_ipsec.h | 12 --- app/test/test_security_inline_proto.c | 12 +-- app/test/test_security_proto.c | 83 +++++++++++++++++++++ app/test/test_security_proto.h | 20 +++++ 9 files changed, 121 insertions(+), 120 deletions(-) create mode 100644 app/test/test_security_proto.c create mode 100644 app/test/test_security_proto.h diff --git a/app/test-security-perf/meson.build b/app/test-security-perf/meson.build index 076999022e..547de9c908 100644 --- a/app/test-security-perf/meson.build +++ b/app/test-security-perf/meson.build @@ -10,5 +10,6 @@ endif sources = files( 'test_security_perf.c', '../test/test_cryptodev_security_ipsec.c', + '../test/test_security_proto.c', ) deps += ['security', 'cmdline'] diff --git a/app/test-security-perf/test_security_perf.c b/app/test-security-perf/test_security_perf.c index 4dfaca4800..c64f20e76c 100644 --- a/app/test-security-perf/test_security_perf.c +++ b/app/test-security-perf/test_security_perf.c @@ -16,6 +16,7 @@ #include #include #include +#include #define NB_DESC 4096 #define DEF_NB_SESSIONS (16 * 10 * 1024) /* 16 * 10K tunnels */ @@ -258,9 +259,7 @@ sec_conf_init(struct lcore_conf *conf, conf->aead_xform.aead.iv.offset = IV_OFFSET; /* Verify crypto capabilities */ - if (test_ipsec_crypto_caps_aead_verify( - sec_cap, - &conf->aead_xform) != 0) { + if (test_sec_crypto_caps_aead_verify(sec_cap, &conf->aead_xform) != 0) { RTE_LOG(ERR, USER1, "Crypto capabilities not supported\n"); return -1; @@ -270,9 +269,7 @@ sec_conf_init(struct lcore_conf *conf, sizeof(conf->auth_xform)); conf->auth_xform.auth.key.data = td[0].auth_key.data; - if (test_ipsec_crypto_caps_auth_verify( - sec_cap, - &conf->auth_xform) != 0) { + if (test_sec_crypto_caps_auth_verify(sec_cap, &conf->auth_xform) != 0) { RTE_LOG(INFO, USER1, "Auth crypto capabilities not supported\n"); return -1; @@ -288,17 +285,13 @@ sec_conf_init(struct lcore_conf *conf, /* Verify crypto capabilities */ - if (test_ipsec_crypto_caps_cipher_verify( - sec_cap, - &conf->cipher_xform) != 0) { + if (test_sec_crypto_caps_cipher_verify(sec_cap, &conf->cipher_xform) != 0) { RTE_LOG(ERR, USER1, "Cipher crypto capabilities not supported\n"); return -1; } - if (test_ipsec_crypto_caps_auth_verify( - sec_cap, - &conf->auth_xform) != 0) { + if (test_sec_crypto_caps_auth_verify(sec_cap, &conf->auth_xform) != 0) { RTE_LOG(ERR, USER1, "Auth crypto capabilities not supported\n"); return -1; diff --git a/app/test/meson.build b/app/test/meson.build index dcc93f4a43..58e120a6ab 100644 --- a/app/test/meson.build +++ b/app/test/meson.build @@ -169,6 +169,7 @@ source_file_deps = { 'test_security.c': ['net', 'security'], 'test_security_inline_macsec.c': ['ethdev', 'security'], 'test_security_inline_proto.c': ['ethdev', 'security', 'eventdev'] + test_cryptodev_deps, + 'test_security_proto.c' : ['cryptodev', 'security'], 'test_seqlock.c': [], 'test_service_cores.c': [], 'test_spinlock.c': [], diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 58561ededf..9644566acc 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -53,6 +53,7 @@ #include "test_cryptodev_security_pdcp_sdap_test_vectors.h" #include "test_cryptodev_security_pdcp_test_func.h" #include "test_cryptodev_security_docsis_test_vectors.h" +#include "test_security_proto.h" #define SDAP_DISABLED 0 #define SDAP_ENABLED 1 @@ -10229,9 +10230,7 @@ test_ipsec_proto_process(const struct ipsec_test_data td[], ut_params->aead_xform.aead.iv.offset = IV_OFFSET; /* Verify crypto capabilities */ - if (test_ipsec_crypto_caps_aead_verify( - sec_cap, - &ut_params->aead_xform) != 0) { + if (test_sec_crypto_caps_aead_verify(sec_cap, &ut_params->aead_xform) != 0) { if (!silent) RTE_LOG(INFO, USER1, "Crypto capabilities not supported\n"); @@ -10242,9 +10241,7 @@ test_ipsec_proto_process(const struct ipsec_test_data td[], sizeof(ut_params->auth_xform)); ut_params->auth_xform.auth.key.data = td[0].auth_key.data; - if (test_ipsec_crypto_caps_auth_verify( - sec_cap, - &ut_params->auth_xform) != 0) { + if (test_sec_crypto_caps_auth_verify(sec_cap, &ut_params->auth_xform) != 0) { if (!silent) RTE_LOG(INFO, USER1, "Auth crypto capabilities not supported\n"); @@ -10261,18 +10258,14 @@ test_ipsec_proto_process(const struct ipsec_test_data td[], /* Verify crypto capabilities */ - if (test_ipsec_crypto_caps_cipher_verify( - sec_cap, - &ut_params->cipher_xform) != 0) { + if (test_sec_crypto_caps_cipher_verify(sec_cap, &ut_params->cipher_xform) != 0) { if (!silent) RTE_LOG(INFO, USER1, "Cipher crypto capabilities not supported\n"); return TEST_SKIPPED; } - if (test_ipsec_crypto_caps_auth_verify( - sec_cap, - &ut_params->auth_xform) != 0) { + if (test_sec_crypto_caps_auth_verify(sec_cap, &ut_params->auth_xform) != 0) { if (!silent) RTE_LOG(INFO, USER1, "Auth crypto capabilities not supported\n"); diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c index 205714b270..01e0a45ffd 100644 --- a/app/test/test_cryptodev_security_ipsec.c +++ b/app/test/test_cryptodev_security_ipsec.c @@ -224,84 +224,6 @@ test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform, return 0; } -int -test_ipsec_crypto_caps_aead_verify( - const struct rte_security_capability *sec_cap, - struct rte_crypto_sym_xform *aead) -{ - const struct rte_cryptodev_symmetric_capability *sym_cap; - const struct rte_cryptodev_capabilities *crypto_cap; - int j = 0; - - while ((crypto_cap = &sec_cap->crypto_capabilities[j++])->op != - RTE_CRYPTO_OP_TYPE_UNDEFINED) { - if (crypto_cap->op == RTE_CRYPTO_OP_TYPE_SYMMETRIC && - crypto_cap->sym.xform_type == aead->type && - crypto_cap->sym.aead.algo == aead->aead.algo) { - sym_cap = &crypto_cap->sym; - if (rte_cryptodev_sym_capability_check_aead(sym_cap, - aead->aead.key.length, - aead->aead.digest_length, - aead->aead.aad_length, - aead->aead.iv.length) == 0) - return 0; - } - } - - return -ENOTSUP; -} - -int -test_ipsec_crypto_caps_cipher_verify( - const struct rte_security_capability *sec_cap, - struct rte_crypto_sym_xform *cipher) -{ - const struct rte_cryptodev_symmetric_capability *sym_cap; - const struct rte_cryptodev_capabilities *cap; - int j = 0; - - while ((cap = &sec_cap->crypto_capabilities[j++])->op != - RTE_CRYPTO_OP_TYPE_UNDEFINED) { - if (cap->op == RTE_CRYPTO_OP_TYPE_SYMMETRIC && - cap->sym.xform_type == cipher->type && - cap->sym.cipher.algo == cipher->cipher.algo) { - sym_cap = &cap->sym; - if (rte_cryptodev_sym_capability_check_cipher(sym_cap, - cipher->cipher.key.length, - cipher->cipher.iv.length) == 0) - return 0; - } - } - - return -ENOTSUP; -} - -int -test_ipsec_crypto_caps_auth_verify( - const struct rte_security_capability *sec_cap, - struct rte_crypto_sym_xform *auth) -{ - const struct rte_cryptodev_symmetric_capability *sym_cap; - const struct rte_cryptodev_capabilities *cap; - int j = 0; - - while ((cap = &sec_cap->crypto_capabilities[j++])->op != - RTE_CRYPTO_OP_TYPE_UNDEFINED) { - if (cap->op == RTE_CRYPTO_OP_TYPE_SYMMETRIC && - cap->sym.xform_type == auth->type && - cap->sym.auth.algo == auth->auth.algo) { - sym_cap = &cap->sym; - if (rte_cryptodev_sym_capability_check_auth(sym_cap, - auth->auth.key.length, - auth->auth.digest_length, - auth->auth.iv.length) == 0) - return 0; - } - } - - return -ENOTSUP; -} - void test_ipsec_td_in_from_out(const struct ipsec_test_data *td_out, struct ipsec_test_data *td_in) diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h index d7fc562751..dc1b4c4a80 100644 --- a/app/test/test_cryptodev_security_ipsec.h +++ b/app/test/test_cryptodev_security_ipsec.h @@ -263,18 +263,6 @@ int test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform, const struct rte_security_capability *sec_cap, bool silent); -int test_ipsec_crypto_caps_aead_verify( - const struct rte_security_capability *sec_cap, - struct rte_crypto_sym_xform *aead); - -int test_ipsec_crypto_caps_cipher_verify( - const struct rte_security_capability *sec_cap, - struct rte_crypto_sym_xform *cipher); - -int test_ipsec_crypto_caps_auth_verify( - const struct rte_security_capability *sec_cap, - struct rte_crypto_sym_xform *auth); - void test_ipsec_td_in_from_out(const struct ipsec_test_data *td_out, struct ipsec_test_data *td_in); diff --git a/app/test/test_security_inline_proto.c b/app/test/test_security_inline_proto.c index 78a2064b65..9644a3c39c 100644 --- a/app/test/test_security_inline_proto.c +++ b/app/test/test_security_inline_proto.c @@ -12,6 +12,7 @@ #include "test.h" #include "test_security_inline_proto_vectors.h" +#include "test_security_proto.h" #ifdef RTE_EXEC_ENV_WINDOWS static int @@ -248,8 +249,7 @@ create_inline_ipsec_session(struct ipsec_test_data *sa, uint16_t portid, sizeof(struct rte_crypto_sym_xform)); sess_conf->crypto_xform->aead.key.data = sa->key.data; /* Verify crypto capabilities */ - if (test_ipsec_crypto_caps_aead_verify(sec_cap, - sess_conf->crypto_xform) != 0) { + if (test_sec_crypto_caps_aead_verify(sec_cap, sess_conf->crypto_xform) != 0) { RTE_LOG(INFO, USER1, "Crypto capabilities not supported\n"); return TEST_SKIPPED; @@ -268,14 +268,14 @@ create_inline_ipsec_session(struct ipsec_test_data *sa, uint16_t portid, sess_conf->crypto_xform->next->auth.key.data = sa->auth_key.data; /* Verify crypto capabilities */ - if (test_ipsec_crypto_caps_cipher_verify(sec_cap, + if (test_sec_crypto_caps_cipher_verify(sec_cap, sess_conf->crypto_xform) != 0) { RTE_LOG(INFO, USER1, "Cipher crypto capabilities not supported\n"); return TEST_SKIPPED; } - if (test_ipsec_crypto_caps_auth_verify(sec_cap, + if (test_sec_crypto_caps_auth_verify(sec_cap, sess_conf->crypto_xform->next) != 0) { RTE_LOG(INFO, USER1, "Auth crypto capabilities not supported\n"); @@ -294,14 +294,14 @@ create_inline_ipsec_session(struct ipsec_test_data *sa, uint16_t portid, sa->key.data; /* Verify crypto capabilities */ - if (test_ipsec_crypto_caps_cipher_verify(sec_cap, + if (test_sec_crypto_caps_cipher_verify(sec_cap, sess_conf->crypto_xform->next) != 0) { RTE_LOG(INFO, USER1, "Cipher crypto capabilities not supported\n"); return TEST_SKIPPED; } - if (test_ipsec_crypto_caps_auth_verify(sec_cap, + if (test_sec_crypto_caps_auth_verify(sec_cap, sess_conf->crypto_xform) != 0) { RTE_LOG(INFO, USER1, "Auth crypto capabilities not supported\n"); diff --git a/app/test/test_security_proto.c b/app/test/test_security_proto.c new file mode 100644 index 0000000000..bc4c5e11d2 --- /dev/null +++ b/app/test/test_security_proto.c @@ -0,0 +1,83 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(C) 2023 Marvell. + */ + +#include +#include + +#include "test_security_proto.h" + +int +test_sec_crypto_caps_aead_verify(const struct rte_security_capability *sec_cap, + struct rte_crypto_sym_xform *aead) +{ + const struct rte_cryptodev_symmetric_capability *sym_cap; + const struct rte_cryptodev_capabilities *crypto_cap; + int j = 0; + + while ((crypto_cap = &sec_cap->crypto_capabilities[j++])->op != + RTE_CRYPTO_OP_TYPE_UNDEFINED) { + if (crypto_cap->op == RTE_CRYPTO_OP_TYPE_SYMMETRIC && + crypto_cap->sym.xform_type == aead->type && + crypto_cap->sym.aead.algo == aead->aead.algo) { + sym_cap = &crypto_cap->sym; + if (rte_cryptodev_sym_capability_check_aead(sym_cap, + aead->aead.key.length, + aead->aead.digest_length, + aead->aead.aad_length, + aead->aead.iv.length) == 0) + return 0; + } + } + + return -ENOTSUP; +} + +int +test_sec_crypto_caps_cipher_verify(const struct rte_security_capability *sec_cap, + struct rte_crypto_sym_xform *cipher) +{ + const struct rte_cryptodev_symmetric_capability *sym_cap; + const struct rte_cryptodev_capabilities *cap; + int j = 0; + + while ((cap = &sec_cap->crypto_capabilities[j++])->op != + RTE_CRYPTO_OP_TYPE_UNDEFINED) { + if (cap->op == RTE_CRYPTO_OP_TYPE_SYMMETRIC && + cap->sym.xform_type == cipher->type && + cap->sym.cipher.algo == cipher->cipher.algo) { + sym_cap = &cap->sym; + if (rte_cryptodev_sym_capability_check_cipher(sym_cap, + cipher->cipher.key.length, + cipher->cipher.iv.length) == 0) + return 0; + } + } + + return -ENOTSUP; +} + +int +test_sec_crypto_caps_auth_verify(const struct rte_security_capability *sec_cap, + struct rte_crypto_sym_xform *auth) +{ + const struct rte_cryptodev_symmetric_capability *sym_cap; + const struct rte_cryptodev_capabilities *cap; + int j = 0; + + while ((cap = &sec_cap->crypto_capabilities[j++])->op != + RTE_CRYPTO_OP_TYPE_UNDEFINED) { + if (cap->op == RTE_CRYPTO_OP_TYPE_SYMMETRIC && + cap->sym.xform_type == auth->type && + cap->sym.auth.algo == auth->auth.algo) { + sym_cap = &cap->sym; + if (rte_cryptodev_sym_capability_check_auth(sym_cap, + auth->auth.key.length, + auth->auth.digest_length, + auth->auth.iv.length) == 0) + return 0; + } + } + + return -ENOTSUP; +} diff --git a/app/test/test_security_proto.h b/app/test/test_security_proto.h new file mode 100644 index 0000000000..b91181384b --- /dev/null +++ b/app/test/test_security_proto.h @@ -0,0 +1,20 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(C) 2023 Marvell. + */ + +#ifndef _TEST_SECURITY_PROTO_H_ +#define _TEST_SECURITY_PROTO_H_ + +#include +#include + +int test_sec_crypto_caps_aead_verify(const struct rte_security_capability *sec_cap, + struct rte_crypto_sym_xform *aead); + +int test_sec_crypto_caps_cipher_verify(const struct rte_security_capability *sec_cap, + struct rte_crypto_sym_xform *cipher); + +int test_sec_crypto_caps_auth_verify(const struct rte_security_capability *sec_cap, + struct rte_crypto_sym_xform *auth); + +#endif