From patchwork Tue Sep 7 16:17:40 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 98200 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id AF5E8A0C46; Tue, 7 Sep 2021 18:18:10 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 9C2A841167; Tue, 7 Sep 2021 18:18:10 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id A7562410EC for ; Tue, 7 Sep 2021 18:18:09 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 187C3woJ025669; Tue, 7 Sep 2021 09:18:09 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=4w9OHb7boEJZEDDn+iTg3sAQ8cfcEMUj3c0w8pLaC3M=; b=VLlUlIhWcQXqtZRqMlimPAI7QdZaPEZsnClxE6be+U3A5t4afeF1dWfIP+CS0RUl+LUl /9934U5XdnoCbQHjkAlBMUfyTAxn+hhv/rFvGNaSTZRBLfsA/8vQbZzxIBGrirGr/Qtf Ti20f+pC38mv0tm2J9MX1LsYw339OeueENTLc2tSZOPAWd8hv6ZIwBoXYGFGfGT2WyH/ dnc3J90MJJH1s8yb0g7cicAe6q2UDfFlIbG6WM9FDwl4KyY7HefE+ICZ9Ezw7/6rTaxJ aBoYPHtluwwHzMWjwbGPaHvJiPeiC6o8oNzB2S5AbVvpVoGuj09ZcZDS6FzWOaxY46JD eA== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0b-0016f401.pphosted.com with ESMTP id 3awty5u2en-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 07 Sep 2021 09:18:08 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Tue, 7 Sep 2021 09:18:06 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Tue, 7 Sep 2021 09:18:06 -0700 Received: from HY-LT1002.marvell.com (HY-LT1002.marvell.com [10.28.176.218]) by maili.marvell.com (Postfix) with ESMTP id 17AEC3F7087; Tue, 7 Sep 2021 09:18:00 -0700 (PDT) From: Anoob Joseph To: Akhil Goyal , Declan Doherty , Fan Zhang , "Konstantin Ananyev" CC: Anoob Joseph , Jerin Jacob , Archana Muniganti , Tejasree Kondoj , Hemant Agrawal , "Radu Nicolau" , Ciara Power , Gagandeep Singh , Date: Tue, 7 Sep 2021 21:47:40 +0530 Message-ID: <1631031463-211-2-git-send-email-anoobj@marvell.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1631031463-211-1-git-send-email-anoobj@marvell.com> References: <1630940307-78-1-git-send-email-anoobj@marvell.com> <1631031463-211-1-git-send-email-anoobj@marvell.com> MIME-Version: 1.0 X-Proofpoint-GUID: oLpqiIYLDv91f-B6TkeEqhmT1joH6yba X-Proofpoint-ORIG-GUID: oLpqiIYLDv91f-B6TkeEqhmT1joH6yba X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-09-07_05,2021-09-07_02,2020-04-07_01 Subject: [dpdk-dev] [PATCH v3 1/3] security: support user specified IV X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Enable user to provide IV to be used per security operation. This would be used with lookaside protocol offload for comparing against known vectors. By default, PMD would generate IV internally and would be random. Signed-off-by: Anoob Joseph Acked-by: Akhil Goyal Acked-by: Konstantin Ananyev --- doc/guides/rel_notes/release_21_11.rst | 5 +++++ lib/security/rte_security.h | 14 ++++++++++++++ 2 files changed, 19 insertions(+) diff --git a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_notes/release_21_11.rst index 411fa95..9b14c84 100644 --- a/doc/guides/rel_notes/release_21_11.rst +++ b/doc/guides/rel_notes/release_21_11.rst @@ -118,6 +118,11 @@ ABI Changes Also, make sure to start the actual text at the margin. ======================================================= +* security: add IPsec SA option to disable IV generation + + * Added IPsec SA option to disable IV generation to allow known vector + tests as well as usage of application provided IV on supported PMDs. + Known Issues ------------ diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h index 88d31de..b4b6776 100644 --- a/lib/security/rte_security.h +++ b/lib/security/rte_security.h @@ -181,6 +181,20 @@ struct rte_security_ipsec_sa_options { * * 0: Disable per session security statistics collection for this SA. */ uint32_t stats : 1; + + /** Disable IV generation in PMD + * + * * 1: Disable IV generation in PMD. When disabled, IV provided in + * rte_crypto_op will be used by the PMD. + * + * * 0: Enable IV generation in PMD. When enabled, PMD generated random + * value would be used and application is not required to provide + * IV. + * + * Note: For inline cases, IV generation would always need to be handled + * by the PMD. + */ + uint32_t iv_gen_disable : 1; }; /** IPSec security association direction */ From patchwork Tue Sep 7 16:17:41 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 98201 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id DAA58A0C46; Tue, 7 Sep 2021 18:18:18 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id C9AB441164; Tue, 7 Sep 2021 18:18:18 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 27660410EF for ; Tue, 7 Sep 2021 18:18:17 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 1879Yqpg016149; Tue, 7 Sep 2021 09:18:16 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=E/bNNgrHYWEummNxwTVQHcW8WH+lkGsj/KAWg6KaC4E=; b=dLOuQ33joKHAWTTmEP2WO+x14h3lxbGt2Cn7RX1/WWiA7KgEmbinqa6BhsnzQIj/TzY9 sxdNeM9uYsPzC+CVFGNY25yvrgsvyFfYHEnyWrJLPXEfcVU6Hy55tRMfHIk326rNEVhh Plp/0OPOsYp97+BhbewyCpohNgq/TfFnmmFKi3aLWYEt8DqBFoPbi2p2cJA3IAi0TH86 LW8rQDJozTBaDDEeTRaOl/qPGooDLt49plXiMKOVSpfsI4fNryQmvF0FGzYJrNj+auHV ydObptBNdzJ5HcMcdnI5EIjwWOfzsT3ytqTQXQjomuGDVxv8IrjyeWyQyVqHqQ8Nqccw zg== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0a-0016f401.pphosted.com with ESMTP id 3ax5jjhaum-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 07 Sep 2021 09:18:16 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Tue, 7 Sep 2021 09:18:14 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Tue, 7 Sep 2021 09:18:14 -0700 Received: from HY-LT1002.marvell.com (HY-LT1002.marvell.com [10.28.176.218]) by maili.marvell.com (Postfix) with ESMTP id 821AC3F7087; Tue, 7 Sep 2021 09:18:08 -0700 (PDT) From: Anoob Joseph To: Akhil Goyal , Declan Doherty , Fan Zhang , "Konstantin Ananyev" CC: Tejasree Kondoj , Jerin Jacob , Archana Muniganti , Hemant Agrawal , Radu Nicolau , Ciara Power , Gagandeep Singh , , Anoob Joseph Date: Tue, 7 Sep 2021 21:47:41 +0530 Message-ID: <1631031463-211-3-git-send-email-anoobj@marvell.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1631031463-211-1-git-send-email-anoobj@marvell.com> References: <1630940307-78-1-git-send-email-anoobj@marvell.com> <1631031463-211-1-git-send-email-anoobj@marvell.com> MIME-Version: 1.0 X-Proofpoint-GUID: 5OHw4iwJScgWMjhGnlMqNHRd8O6SyupL X-Proofpoint-ORIG-GUID: 5OHw4iwJScgWMjhGnlMqNHRd8O6SyupL X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-09-07_05,2021-09-07_02,2020-04-07_01 Subject: [dpdk-dev] [PATCH v3 2/3] crypto/cnxk: add IV in SA in lookaside IPsec debug mode X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" From: Tejasree Kondoj Adding IV in SA in lookaside IPsec debug mode. It helps to verify lookaside PMD using known outbound vectors in lookaside autotest. Signed-off-by: Anoob Joseph Signed-off-by: Tejasree Kondoj Acked-by: Akhil Goyal --- drivers/crypto/cnxk/cn10k_ipsec.c | 16 +++++++++ drivers/crypto/cnxk/cn10k_ipsec.h | 2 ++ drivers/crypto/cnxk/cn10k_ipsec_la_ops.h | 44 +++++++++++++++++++++++ drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c | 29 +++++++++++++-- drivers/crypto/cnxk/meson.build | 6 ++++ 5 files changed, 95 insertions(+), 2 deletions(-) diff --git a/drivers/crypto/cnxk/cn10k_ipsec.c b/drivers/crypto/cnxk/cn10k_ipsec.c index 5c57cf2..ebb2a7e 100644 --- a/drivers/crypto/cnxk/cn10k_ipsec.c +++ b/drivers/crypto/cnxk/cn10k_ipsec.c @@ -57,6 +57,22 @@ cn10k_ipsec_outb_sa_create(struct roc_cpt *roc_cpt, sa->inst.w7 = ipsec_cpt_inst_w7_get(roc_cpt, sa); +#ifdef LA_IPSEC_DEBUG + /* Use IV from application in debug mode */ + if (ipsec_xfrm->options.iv_gen_disable == 1) { + out_sa->w2.s.iv_src = ROC_IE_OT_SA_IV_SRC_FROM_SA; + if (crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_AEAD) { + sa->iv_offset = crypto_xfrm->aead.iv.offset; + sa->iv_length = crypto_xfrm->aead.iv.length; + } + } +#else + if (ipsec_xfrm->options.iv_gen_disable != 0) { + plt_err("Application provided IV not supported"); + return -ENOTSUP; + } +#endif + /* Get Rlen calculation data */ ret = cnxk_ipsec_outb_rlens_get(&rlens, ipsec_xfrm, crypto_xfrm); if (ret) diff --git a/drivers/crypto/cnxk/cn10k_ipsec.h b/drivers/crypto/cnxk/cn10k_ipsec.h index bc52c60..6f974b7 100644 --- a/drivers/crypto/cnxk/cn10k_ipsec.h +++ b/drivers/crypto/cnxk/cn10k_ipsec.h @@ -21,6 +21,8 @@ struct cn10k_ipsec_sa { /** Pre-populated CPT inst words */ struct cnxk_cpt_inst_tmpl inst; uint16_t max_extended_len; + uint16_t iv_offset; + uint8_t iv_length; }; struct cn10k_sec_session { diff --git a/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h b/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h index fe91638..862476a 100644 --- a/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h +++ b/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h @@ -12,6 +12,41 @@ #include "cn10k_ipsec.h" #include "cnxk_cryptodev.h" +static inline void +ipsec_po_sa_iv_set(struct cn10k_ipsec_sa *sess, struct rte_crypto_op *cop) +{ + uint64_t *iv = &sess->out_sa.iv.u64[0]; + uint64_t *tmp_iv; + + memcpy(iv, rte_crypto_op_ctod_offset(cop, uint8_t *, sess->iv_offset), + 16); + tmp_iv = (uint64_t *)iv; + *tmp_iv = rte_be_to_cpu_64(*tmp_iv); + + tmp_iv = (uint64_t *)(iv + 1); + *tmp_iv = rte_be_to_cpu_64(*tmp_iv); +} + +static inline void +ipsec_po_sa_aes_gcm_iv_set(struct cn10k_ipsec_sa *sess, + struct rte_crypto_op *cop) +{ + uint8_t *iv = &sess->out_sa.iv.s.iv_dbg1[0]; + uint32_t *tmp_iv; + + memcpy(iv, rte_crypto_op_ctod_offset(cop, uint8_t *, sess->iv_offset), + 4); + tmp_iv = (uint32_t *)iv; + *tmp_iv = rte_be_to_cpu_32(*tmp_iv); + + iv = &sess->out_sa.iv.s.iv_dbg2[0]; + memcpy(iv, + rte_crypto_op_ctod_offset(cop, uint8_t *, sess->iv_offset + 4), + 4); + tmp_iv = (uint32_t *)iv; + *tmp_iv = rte_be_to_cpu_32(*tmp_iv); +} + static __rte_always_inline int process_outb_sa(struct rte_crypto_op *cop, struct cn10k_ipsec_sa *sess, struct cpt_inst_s *inst) @@ -24,6 +59,15 @@ process_outb_sa(struct rte_crypto_op *cop, struct cn10k_ipsec_sa *sess, return -ENOMEM; } +#ifdef LA_IPSEC_DEBUG + if (sess->out_sa.w2.s.iv_src == ROC_IE_OT_SA_IV_SRC_FROM_SA) { + if (sess->out_sa.w2.s.enc_type == ROC_IE_OT_SA_ENC_AES_GCM) + ipsec_po_sa_aes_gcm_iv_set(sess, cop); + else + ipsec_po_sa_iv_set(sess, cop); + } +#endif + /* Prepare CPT instruction */ inst->w4.u64 = sess->inst.w4; inst->w4.s.dlen = rte_pktmbuf_pkt_len(m_src); diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c index c4f7824..4b97639 100644 --- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c +++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c @@ -807,7 +807,7 @@ static const struct rte_security_capability sec_caps_templ[] = { .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS, - .options = { 0 } + .options = { 0 }, }, .crypto_capabilities = NULL, }, @@ -818,7 +818,7 @@ static const struct rte_security_capability sec_caps_templ[] = { .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS, - .options = { 0 } + .options = { 0 }, }, .crypto_capabilities = NULL, }, @@ -913,6 +913,24 @@ cnxk_sec_caps_update(struct rte_security_capability *sec_cap) sec_cap->ipsec.options.udp_encap = 1; } +static void +cn10k_sec_caps_update(struct rte_security_capability *sec_cap) +{ + if (sec_cap->ipsec.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) { +#ifdef LA_IPSEC_DEBUG + sec_cap->ipsec.options.iv_gen_disable = 1; +#endif + } +} + +static void +cn9k_sec_caps_update(struct rte_security_capability *sec_cap) +{ + if (sec_cap->ipsec.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) { + sec_cap->ipsec.options.iv_gen_disable = 1; + } +} + void cnxk_cpt_caps_populate(struct cnxk_cpt_vf *vf) { @@ -928,6 +946,13 @@ cnxk_cpt_caps_populate(struct cnxk_cpt_vf *vf) vf->sec_caps[i].crypto_capabilities = vf->sec_crypto_caps; cnxk_sec_caps_update(&vf->sec_caps[i]); + + if (roc_model_is_cn10k()) + cn10k_sec_caps_update(&vf->sec_caps[i]); + + if (roc_model_is_cn9k()) + cn9k_sec_caps_update(&vf->sec_caps[i]); + } } diff --git a/drivers/crypto/cnxk/meson.build b/drivers/crypto/cnxk/meson.build index e40d132..437d208 100644 --- a/drivers/crypto/cnxk/meson.build +++ b/drivers/crypto/cnxk/meson.build @@ -24,3 +24,9 @@ sources = files( deps += ['bus_pci', 'common_cnxk', 'security', 'eventdev'] includes += include_directories('../../../lib/net') + +if get_option('buildtype').contains('debug') + cflags += [ '-DLA_IPSEC_DEBUG' ] +else + cflags += [ '-ULA_IPSEC_DEBUG' ] +endif From patchwork Tue Sep 7 16:17:42 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 98202 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 16A27A0C46; Tue, 7 Sep 2021 18:18:26 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 0541D41191; Tue, 7 Sep 2021 18:18:26 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id E42994118B for ; Tue, 7 Sep 2021 18:18:24 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 187C3woM025669; Tue, 7 Sep 2021 09:18:24 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=FVhviscs5x+L18+oUd+KKJS3370AfPXHkRgYbL0RjZc=; b=VNPU9K9g0/Mnz21jkczWRF/wfGUlIY9SiN90xYDfR7g/wxKuO/U+GckPlODGWK4NJ94h ZER8XbEG2ln3gTDdt972FBHTuMAhkgVPIbnwZaEZJ/XjJww9eM/asxT36Bn+Evox6jOh 7TsNrb/jwNTOH2H5afRxU/BIqYZfjf1qCsAgCP//KHWoI7U/ChedA16xOw/DRop2kCl5 hnqBY9RqegGQ0oBS7S7RSo4AO9CpaD88F4UXM9xNlK2HApWtzfVF/rQXXJCWs7ZJct+t CnRAGqnjtXKghy488AxamFwem1ON8eDlRFlkPYgLTYXMKT0OjUql0ggUDWco4C7M/9iC kA== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0b-0016f401.pphosted.com with ESMTP id 3awty5u2g9-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 07 Sep 2021 09:18:24 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Tue, 7 Sep 2021 09:18:21 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Tue, 7 Sep 2021 09:18:22 -0700 Received: from HY-LT1002.marvell.com (HY-LT1002.marvell.com [10.28.176.218]) by maili.marvell.com (Postfix) with ESMTP id DD2D23F708F; Tue, 7 Sep 2021 09:18:16 -0700 (PDT) From: Anoob Joseph To: Akhil Goyal , Declan Doherty , Fan Zhang , "Konstantin Ananyev" CC: Anoob Joseph , Jerin Jacob , Archana Muniganti , Tejasree Kondoj , Hemant Agrawal , "Radu Nicolau" , Ciara Power , Gagandeep Singh , Date: Tue, 7 Sep 2021 21:47:42 +0530 Message-ID: <1631031463-211-4-git-send-email-anoobj@marvell.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1631031463-211-1-git-send-email-anoobj@marvell.com> References: <1630940307-78-1-git-send-email-anoobj@marvell.com> <1631031463-211-1-git-send-email-anoobj@marvell.com> MIME-Version: 1.0 X-Proofpoint-GUID: I3sh77loSt-eIz5xqf3dYNhICd_y-2d2 X-Proofpoint-ORIG-GUID: I3sh77loSt-eIz5xqf3dYNhICd_y-2d2 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-09-07_05,2021-09-07_02,2020-04-07_01 Subject: [dpdk-dev] [PATCH v3 3/3] test/crypto: add outbound known vector tests X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Add outbound known vector tests. The tests would be skipped on PMDs which do not support IV provided by application. Signed-off-by: Anoob Joseph Acked-by: Akhil Goyal --- app/test/test_cryptodev.c | 44 ++++++++++++++++++++++++++++++++ app/test/test_cryptodev_security_ipsec.c | 16 +++++++++++- 2 files changed, 59 insertions(+), 1 deletion(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index fefab3c..dd68080 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -8978,6 +8978,22 @@ test_ipsec_proto_process(const struct ipsec_test_data td[], ut_params->op->sym->m_src = ut_params->ibuf; ut_params->op->sym->m_dst = NULL; + /* Copy IV in crypto operation when IV generation is disabled */ + if (dir == RTE_SECURITY_IPSEC_SA_DIR_EGRESS && + ipsec_xform.options.iv_gen_disable == 1) { + uint8_t *iv = rte_crypto_op_ctod_offset(ut_params->op, + uint8_t *, + IV_OFFSET); + int len; + + if (td[i].aead) + len = td[i].xform.aead.aead.iv.length; + else + len = td[i].xform.chain.cipher.cipher.iv.length; + + memcpy(iv, td[i].iv.data, len); + } + /* Process crypto operation */ process_crypto_request(dev_id, ut_params->op); @@ -9015,6 +9031,22 @@ test_ipsec_proto_process(const struct ipsec_test_data td[], } static int +test_ipsec_proto_known_vec(const void *test_data) +{ + struct ipsec_test_data td_outb; + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + memcpy(&td_outb, test_data, sizeof(td_outb)); + + /* Disable IV gen to be able to test with known vectors */ + td_outb.ipsec_xform.options.iv_gen_disable = 1; + + return test_ipsec_proto_process(&td_outb, NULL, 1, false, &flags); +} + +static int test_ipsec_proto_known_vec_inb(const void *td_outb) { struct ipsec_test_flags flags; @@ -14019,6 +14051,18 @@ static struct unit_test_suite ipsec_proto_testsuite = { .setup = ipsec_proto_testsuite_setup, .unit_test_cases = { TEST_CASE_NAMED_WITH_DATA( + "Outbound known vector (ESP tunnel mode IPv4 AES-GCM 128)", + ut_setup_security, ut_teardown, + test_ipsec_proto_known_vec, &pkt_aes_128_gcm), + TEST_CASE_NAMED_WITH_DATA( + "Outbound known vector (ESP tunnel mode IPv4 AES-GCM 192)", + ut_setup_security, ut_teardown, + test_ipsec_proto_known_vec, &pkt_aes_192_gcm), + TEST_CASE_NAMED_WITH_DATA( + "Outbound known vector (ESP tunnel mode IPv4 AES-GCM 256)", + ut_setup_security, ut_teardown, + test_ipsec_proto_known_vec, &pkt_aes_256_gcm), + TEST_CASE_NAMED_WITH_DATA( "Inbound known vector (ESP tunnel mode IPv4 AES-GCM 128)", ut_setup_security, ut_teardown, test_ipsec_proto_known_vec_inb, &pkt_aes_128_gcm), diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c index 5b54996..f371b15 100644 --- a/app/test/test_cryptodev_security_ipsec.c +++ b/app/test/test_cryptodev_security_ipsec.c @@ -77,6 +77,15 @@ test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform, return -ENOTSUP; } + if ((ipsec_xform->direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) && + (ipsec_xform->options.iv_gen_disable == 1) && + (sec_cap->ipsec.options.iv_gen_disable != 1)) { + if (!silent) + RTE_LOG(INFO, USER1, + "Application provided IV is not supported\n"); + return -ENOTSUP; + } + return 0; } @@ -161,9 +170,11 @@ test_ipsec_td_prepare(const struct crypto_param *param1, td->xform.aead.aead.algo = param1->alg.aead; td->xform.aead.aead.key.length = param1->key_length; + + if (flags->iv_gen) + td->ipsec_xform.options.iv_gen_disable = 0; } - RTE_SET_USED(flags); RTE_SET_USED(param2); } @@ -187,6 +198,9 @@ test_ipsec_td_update(struct ipsec_test_data td_inb[], if (flags->udp_encap) td_inb[i].ipsec_xform.options.udp_encap = 1; + + /* Clear outbound specific flags */ + td_inb[i].ipsec_xform.options.iv_gen_disable = 0; } }