From patchwork Tue Sep 19 13:54:07 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Akhil Goyal X-Patchwork-Id: 131633 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 22E8442606; Tue, 19 Sep 2023 15:54:25 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 6A68040C35; Tue, 19 Sep 2023 15:54:24 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id EB428406FF for ; Tue, 19 Sep 2023 15:54:22 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 38J66Jpc023472 for ; Tue, 19 Sep 2023 06:54:22 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=Dd7JqVtz3uFFGe+cdTdKMpqKnUxr1ghAJs53Ny67QDc=; b=LQoqIKw6nSO/q/Yi74Whscj40AmLKROkvuJEV7dejNKHI5jw9Bv2VNP9aSNyP1/o6iXO KG+J/8qXGvkWJM2+VvP49J1yoGR0hZl+ADYr2di1JBmCcouh4S1RF160kN5yTK9ooj5t sIr67A4LhKET3CeBTh836rUObotbMqR2vxJEz/AlhvdTF8vGqH5/s+o72y7DaP9hW5W5 bir7gqEkhAYLTdFBvL19v63c7yDwAdMjcASGHi1mzHXosFrxJewJxos7Xb1StoM5LYTk xk9V/vJN8yd0X1BYDx+srEAj50nIFjJ7tWeeUnBuxct5INN74RPUvXz0YF3qkV7kut52 ZQ== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3t5bvkrmn2-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for ; Tue, 19 Sep 2023 06:54:22 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.48; Tue, 19 Sep 2023 06:54:20 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.48 via Frontend Transport; Tue, 19 Sep 2023 06:54:19 -0700 Received: from localhost.localdomain (unknown [10.28.36.102]) by maili.marvell.com (Postfix) with ESMTP id 3D0383F70AA; Tue, 19 Sep 2023 06:54:16 -0700 (PDT) From: Akhil Goyal To: CC: , , , Akhil Goyal Subject: [PATCH v2 1/3] security: add MACsec algo in capability index Date: Tue, 19 Sep 2023 19:24:07 +0530 Message-ID: <20230919135409.2544309-2-gakhil@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20230919135409.2544309-1-gakhil@marvell.com> References: <20230731034447.929506-1-gakhil@marvell.com> <20230919135409.2544309-1-gakhil@marvell.com> MIME-Version: 1.0 X-Proofpoint-GUID: goNc0g4PLLcA9BVaujdBlVEVHOIyXky5 X-Proofpoint-ORIG-GUID: goNc0g4PLLcA9BVaujdBlVEVHOIyXky5 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.267,Aquarius:18.0.980,Hydra:6.0.601,FMLib:17.11.176.26 definitions=2023-09-19_06,2023-09-19_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Ankur Dwivedi This patch adds the MACsec algorithm field in security capability index structure. This field is compared against the MACsec alg to return the correct capability. Signed-off-by: Ankur Dwivedi Acked-by: Akhil Goyal --- lib/security/rte_security.c | 4 ++++ lib/security/rte_security.h | 3 +++ 2 files changed, 7 insertions(+) diff --git a/lib/security/rte_security.c b/lib/security/rte_security.c index c4d64bb8e9..2d729b735b 100644 --- a/lib/security/rte_security.c +++ b/lib/security/rte_security.c @@ -282,6 +282,10 @@ rte_security_capability_get(struct rte_security_ctx *instance, if (capability->docsis.direction == idx->docsis.direction) return capability; + } else if (idx->protocol == + RTE_SECURITY_PROTOCOL_MACSEC) { + if (idx->macsec.alg == capability->macsec.alg) + return capability; } } } diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h index c6550f4d8d..439bbb957f 100644 --- a/lib/security/rte_security.h +++ b/lib/security/rte_security.h @@ -1252,6 +1252,9 @@ struct rte_security_capability_idx { struct { enum rte_security_docsis_direction direction; } docsis; + struct { + enum rte_security_macsec_alg alg; + } macsec; }; }; From patchwork Tue Sep 19 13:54:08 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Akhil Goyal X-Patchwork-Id: 131634 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 8A65142606; Tue, 19 Sep 2023 15:54:33 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id AFC7B40E68; Tue, 19 Sep 2023 15:54:25 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id D171C40A8B for ; Tue, 19 Sep 2023 15:54:23 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 38J64dYB022840 for ; Tue, 19 Sep 2023 06:54:23 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=k1wrxmCizzeYjWYU8Tfpdr+bcO/NYDbhvdKr4FdZQdM=; b=N2ggV8Tiz2eiGFWcOr0urGo29bzGOnbeOWmxNB0XrMrh/kcznPdzvBhFduSv3fs3OiKM +HznPrbQVfcNIdHyoJJHR4rFmndFMlUuxJaEUVh4CWGHMfPTn1p2mjEmf9X9c5T44WzJ ltYzGfvjC+hlw/Wr0gXJOGRuWsrN/NIRiU6eB+U2Yb9J0b49A3JVHEaKLjt1u8Qt7HWI DrKps+Ixxl16DTzM89z3/73DdDo419L1Zo/NotjFXbmCPk2U4TxJrJIshpChetqd7LiS MyT3Y3xPgIhhz6U+DOhSYBgVGvwnE0Q+z/A8bW+k9LFsk1Kx3sVZttaTrZfkNfSAsZLN rg== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3t5bvkrmn6-2 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for ; Tue, 19 Sep 2023 06:54:23 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.48; Tue, 19 Sep 2023 06:54:21 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.48 via Frontend Transport; Tue, 19 Sep 2023 06:54:21 -0700 Received: from localhost.localdomain (unknown [10.28.36.102]) by maili.marvell.com (Postfix) with ESMTP id 87FE53F709C; Tue, 19 Sep 2023 06:54:19 -0700 (PDT) From: Akhil Goyal To: CC: , , , Akhil Goyal Subject: [PATCH v2 2/3] net/cnxk: add MACsec capability Date: Tue, 19 Sep 2023 19:24:08 +0530 Message-ID: <20230919135409.2544309-3-gakhil@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20230919135409.2544309-1-gakhil@marvell.com> References: <20230731034447.929506-1-gakhil@marvell.com> <20230919135409.2544309-1-gakhil@marvell.com> MIME-Version: 1.0 X-Proofpoint-GUID: u_pQZnqtvqcnkmH7V9Sqm2VcUMFApRW0 X-Proofpoint-ORIG-GUID: u_pQZnqtvqcnkmH7V9Sqm2VcUMFApRW0 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.267,Aquarius:18.0.980,Hydra:6.0.601,FMLib:17.11.176.26 definitions=2023-09-19_06,2023-09-19_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Ankur Dwivedi Adds the MACsec capability for CN10K-B. The ethernet security capability structure is populated based on the feature supported by the device. Signed-off-by: Ankur Dwivedi Acked-by: Akhil Goyal --- drivers/common/cnxk/roc_features.h | 6 ++ drivers/common/cnxk/roc_mcs.h | 3 + drivers/net/cnxk/cn10k_ethdev_sec.c | 120 +++++++++++++++++++++++++++- 3 files changed, 125 insertions(+), 4 deletions(-) diff --git a/drivers/common/cnxk/roc_features.h b/drivers/common/cnxk/roc_features.h index 815f800e7a..d5d0c0c901 100644 --- a/drivers/common/cnxk/roc_features.h +++ b/drivers/common/cnxk/roc_features.h @@ -71,4 +71,10 @@ roc_feature_bphy_has_macsec(void) { return roc_model_is_cnf10kb(); } + +static inline bool +roc_feature_nix_has_inl_ipsec(void) +{ + return !roc_model_is_cnf10kb(); +} #endif diff --git a/drivers/common/cnxk/roc_mcs.h b/drivers/common/cnxk/roc_mcs.h index afac6c92e2..602f1cae1d 100644 --- a/drivers/common/cnxk/roc_mcs.h +++ b/drivers/common/cnxk/roc_mcs.h @@ -7,6 +7,9 @@ #define MCS_AES_GCM_256_KEYLEN 32 +#define ROC_MCS_MAX_AR_WINSZ BIT_ULL(31) +#define ROC_MCS_MAX_MTU (BIT_ULL(16) - 1) + struct roc_mcs_alloc_rsrc_req { uint8_t rsrc_type; uint8_t rsrc_cnt; /* Resources count */ diff --git a/drivers/net/cnxk/cn10k_ethdev_sec.c b/drivers/net/cnxk/cn10k_ethdev_sec.c index b98fc9378e..a7473922af 100644 --- a/drivers/net/cnxk/cn10k_ethdev_sec.c +++ b/drivers/net/cnxk/cn10k_ethdev_sec.c @@ -303,7 +303,7 @@ static struct rte_cryptodev_capabilities cn10k_eth_sec_crypto_caps[] = { RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() }; -static const struct rte_security_capability cn10k_eth_sec_capabilities[] = { +static const struct rte_security_capability cn10k_eth_sec_ipsec_capabilities[] = { { /* IPsec Inline Protocol ESP Tunnel Ingress */ .action = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL, .protocol = RTE_SECURITY_PROTOCOL_IPSEC, @@ -401,11 +401,100 @@ static const struct rte_security_capability cn10k_eth_sec_capabilities[] = { .crypto_capabilities = cn10k_eth_sec_crypto_caps, .ol_flags = RTE_SECURITY_TX_OLOAD_NEED_MDATA }, - { - .action = RTE_SECURITY_ACTION_TYPE_NONE - } }; +static const struct rte_security_capability cn10k_eth_sec_macsec_capabilities[] = { + { /* MACsec Inline Protocol, AES-GCM-128 algo */ + .action = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_MACSEC, + .macsec = { + .mtu = ROC_MCS_MAX_MTU, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_128, + .max_nb_sc = 128, + .max_nb_sa = 256, + .max_nb_sess = 256, + .replay_win_sz = ROC_MCS_MAX_AR_WINSZ, + .relative_sectag_insert = 1, + .fixed_sectag_insert = 1, + .icv_include_da_sa = 1, + .ctrl_port_enable = 1, + .preserve_sectag = 1, + .preserve_icv = 1, + .validate_frames = 1, + .re_key = 1, + .anti_replay = 1, + }, + }, + { /* MACsec Inline Protocol, AES-GCM-256 algo */ + .action = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_MACSEC, + .macsec = { + .mtu = ROC_MCS_MAX_MTU, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_256, + .max_nb_sc = 128, + .max_nb_sa = 256, + .max_nb_sess = 256, + .replay_win_sz = ROC_MCS_MAX_AR_WINSZ, + .relative_sectag_insert = 1, + .fixed_sectag_insert = 1, + .icv_include_da_sa = 1, + .ctrl_port_enable = 1, + .preserve_sectag = 1, + .preserve_icv = 1, + .validate_frames = 1, + .re_key = 1, + .anti_replay = 1, + }, + }, + { /* MACsec Inline Protocol, AES-GCM-XPN-128 algo */ + .action = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_MACSEC, + .macsec = { + .mtu = ROC_MCS_MAX_MTU, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_XPN_128, + .max_nb_sc = 128, + .max_nb_sa = 256, + .max_nb_sess = 256, + .replay_win_sz = ROC_MCS_MAX_AR_WINSZ, + .relative_sectag_insert = 1, + .fixed_sectag_insert = 1, + .icv_include_da_sa = 1, + .ctrl_port_enable = 1, + .preserve_sectag = 1, + .preserve_icv = 1, + .validate_frames = 1, + .re_key = 1, + .anti_replay = 1, + }, + }, + { /* MACsec Inline Protocol, AES-GCM-XPN-256 algo */ + .action = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_MACSEC, + .macsec = { + .mtu = ROC_MCS_MAX_MTU, + .alg = RTE_SECURITY_MACSEC_ALG_GCM_XPN_256, + .max_nb_sc = 128, + .max_nb_sa = 256, + .max_nb_sess = 256, + .replay_win_sz = ROC_MCS_MAX_AR_WINSZ, + .relative_sectag_insert = 1, + .fixed_sectag_insert = 1, + .icv_include_da_sa = 1, + .ctrl_port_enable = 1, + .preserve_sectag = 1, + .preserve_icv = 1, + .validate_frames = 1, + .re_key = 1, + .anti_replay = 1, + }, + }, +}; + +#define SEC_CAPS_LEN (RTE_DIM(cn10k_eth_sec_ipsec_capabilities) + \ + RTE_DIM(cn10k_eth_sec_macsec_capabilities) + 1) + +static struct rte_security_capability cn10k_eth_sec_capabilities[SEC_CAPS_LEN]; + static inline void cnxk_pktmbuf_free_no_cache(struct rte_mbuf *mbuf) { @@ -1093,15 +1182,38 @@ cn10k_eth_sec_session_stats_get(void *device, struct rte_security_session *sess, return 0; } +static void +eth_sec_caps_add(struct rte_security_capability eth_sec_caps[], uint32_t *idx, + const struct rte_security_capability *caps, uint32_t nb_caps) +{ + PLT_VERIFY(*idx + nb_caps < SEC_CAPS_LEN); + + rte_memcpy(ð_sec_caps[*idx], caps, nb_caps * sizeof(caps[0])); + *idx += nb_caps; +} + void cn10k_eth_sec_ops_override(void) { static int init_once; + uint32_t idx = 0; if (init_once) return; init_once = 1; + if (roc_feature_nix_has_inl_ipsec()) + eth_sec_caps_add(cn10k_eth_sec_capabilities, &idx, + cn10k_eth_sec_ipsec_capabilities, + RTE_DIM(cn10k_eth_sec_ipsec_capabilities)); + + if (roc_feature_nix_has_macsec()) + eth_sec_caps_add(cn10k_eth_sec_capabilities, &idx, + cn10k_eth_sec_macsec_capabilities, + RTE_DIM(cn10k_eth_sec_macsec_capabilities)); + + cn10k_eth_sec_capabilities[idx].action = RTE_SECURITY_ACTION_TYPE_NONE; + /* Update platform specific ops */ cnxk_eth_sec_ops.macsec_sa_create = cnxk_eth_macsec_sa_create; cnxk_eth_sec_ops.macsec_sc_create = cnxk_eth_macsec_sc_create; From patchwork Tue Sep 19 13:54:09 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Akhil Goyal X-Patchwork-Id: 131635 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 13ED842609; Tue, 19 Sep 2023 15:54:40 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id C94B440E01; Tue, 19 Sep 2023 15:54:27 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 2500F40E8A for ; Tue, 19 Sep 2023 15:54:25 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 38JDa274012098 for ; Tue, 19 Sep 2023 06:54:25 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=qFF0vSxZFIX1x0qjE+19JFshcqzyyPQ/v+b6JTapVa4=; b=aHrQuTMCIElUbWU76DnF+gVMtAsEQUdQs/8l7SdRFfzZhLI37O7lm2jLzpFlgWk3m0jj 4eMhRXMQabKv9ZUl1B4007mGRU1nc+kQWgZXw2wdtZjstqMCanKhzs3ezNbQRZIMB5sn F18SXw9kDuJqjKDialDxs7SVWINnzhCl1jOJ79uIh3vXHVmb8IMes7FM+DjIAS/Uoc0d XcGlxVnVr3fzcH9lAnWxc6ZrcATgsi9Xp6rXDbuxmTCiZW9ynvFOzeMYS5j7QCL/P3k+ /wFoKUgvCz4FFreUGpl60Tbg00h68fBBw6cRr4pGS/S2RMlsXeA/FOWyC2P9Cp10+IAt pw== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3t7cnq023c-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for ; Tue, 19 Sep 2023 06:54:25 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.48; Tue, 19 Sep 2023 06:54:23 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.48 via Frontend Transport; Tue, 19 Sep 2023 06:54:23 -0700 Received: from localhost.localdomain (unknown [10.28.36.102]) by maili.marvell.com (Postfix) with ESMTP id C8FD23F7098; Tue, 19 Sep 2023 06:54:21 -0700 (PDT) From: Akhil Goyal To: CC: , , , Akhil Goyal Subject: [PATCH v2 3/3] test/security: add capability verification for MACsec Date: Tue, 19 Sep 2023 19:24:09 +0530 Message-ID: <20230919135409.2544309-4-gakhil@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20230919135409.2544309-1-gakhil@marvell.com> References: <20230731034447.929506-1-gakhil@marvell.com> <20230919135409.2544309-1-gakhil@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: 2fU2auWPgTPKWfxtr_y94L9iwdB8CLRq X-Proofpoint-GUID: 2fU2auWPgTPKWfxtr_y94L9iwdB8CLRq X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.267,Aquarius:18.0.980,Hydra:6.0.601,FMLib:17.11.176.26 definitions=2023-09-19_06,2023-09-19_01,2023-05-22_02 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Ankur Dwivedi Before running each MACsec test, the device capability is read. The capability is then verified to check if the device supports a feature or not. If the feature is not supported the test is skipped. Signed-off-by: Ankur Dwivedi Signed-off-by: Akhil Goyal --- app/test/test_security_inline_macsec.c | 373 ++++++++++++++++++++----- 1 file changed, 296 insertions(+), 77 deletions(-) diff --git a/app/test/test_security_inline_macsec.c b/app/test/test_security_inline_macsec.c index 475f2aec83..40fdfda942 100644 --- a/app/test/test_security_inline_macsec.c +++ b/app/test/test_security_inline_macsec.c @@ -837,10 +837,60 @@ test_macsec_event_callback(uint16_t port_id, enum rte_eth_event_type type, return 0; } +static int +test_macsec_sec_caps_verify(const struct mcs_test_opts *opts, + const struct rte_security_capability *sec_cap, bool silent) +{ + if (opts->mtu > sec_cap->macsec.mtu) { + if (!silent) + RTE_LOG(INFO, USER1, "MTU size is not supported\n"); + return -ENOTSUP; + } + + if (opts->replay_protect == 1 && sec_cap->macsec.anti_replay == 0) { + if (!silent) + RTE_LOG(INFO, USER1, "Anti replay is not supported\n"); + return -ENOTSUP; + } + + if (opts->replay_win_sz > sec_cap->macsec.replay_win_sz) { + if (!silent) + RTE_LOG(INFO, USER1, "Replay window size is not " + "supported\n"); + return -ENOTSUP; + } + + if (opts->rekey_en == 1 && sec_cap->macsec.re_key == 0) { + if (!silent) + RTE_LOG(INFO, USER1, "Rekey is not supported\n"); + return -ENOTSUP; + } + + if (opts->sectag_insert_mode == 0 && + sec_cap->macsec.relative_sectag_insert == 0) { + if (!silent) + RTE_LOG(INFO, USER1, "Relative offset sectag insert " + "not supported\n"); + return -ENOTSUP; + } + + if (opts->sectag_insert_mode == 1 && + sec_cap->macsec.fixed_sectag_insert == 0) { + if (!silent) + RTE_LOG(INFO, USER1, "Fixed offset sectag insert " + "not supported\n"); + return -ENOTSUP; + } + + return 0; +} + static int test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs_test_opts *opts) { uint16_t rx_sa_id[MCS_MAX_FLOWS][RTE_SECURITY_MACSEC_NUM_AN] = {{0}}; + struct rte_security_capability_idx sec_cap_idx; + const struct rte_security_capability *sec_cap; uint16_t tx_sa_id[MCS_MAX_FLOWS][2] = {{0}}; uint16_t rx_sc_id[MCS_MAX_FLOWS] = {0}; uint16_t tx_sc_id[MCS_MAX_FLOWS] = {0}; @@ -864,6 +914,30 @@ test_macsec(const struct mcs_test_vector *td[], enum mcs_op op, const struct mcs return TEST_SKIPPED; } + sec_cap_idx.action = RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL; + sec_cap_idx.protocol = RTE_SECURITY_PROTOCOL_MACSEC; + sec_cap_idx.macsec.alg = td[0]->alg; + sec_cap = rte_security_capability_get(ctx, &sec_cap_idx); + if (sec_cap == NULL) { + printf("No capabilities registered\n"); + return TEST_SKIPPED; + } + + if (test_macsec_sec_caps_verify(opts, sec_cap, false) != 0) + return TEST_SKIPPED; + + if (opts->rekey_en) { + /* Verify the rekey td */ + sec_cap_idx.macsec.alg = opts->rekey_td->alg; + sec_cap = rte_security_capability_get(ctx, &sec_cap_idx); + if (sec_cap == NULL) { + printf("No capabilities registered\n"); + return TEST_SKIPPED; + } + if (test_macsec_sec_caps_verify(opts, sec_cap, false) != 0) + return TEST_SKIPPED; + } + tci_off = (opts->sectag_insert_mode == 1) ? RTE_ETHER_HDR_LEN : RTE_ETHER_HDR_LEN + (opts->nb_vlan * RTE_VLAN_HLEN); @@ -1186,6 +1260,7 @@ test_inline_macsec_encap_all(void) const struct mcs_test_vector *cur_td; struct mcs_test_opts opts = {0}; int err, all_err = 0; + int skipped = 0; int i, size; opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT; @@ -1200,7 +1275,11 @@ test_inline_macsec_encap_all(void) for (i = 0; i < size; i++) { cur_td = &list_mcs_cipher_vectors[i]; err = test_macsec(&cur_td, MCS_ENCAP, &opts); - if (err) { + if (err == TEST_SKIPPED) { + printf("Cipher Auth Encryption case %d skipped\n", cur_td->test_idx); + skipped += 1; + err = 0; + } else if (err) { printf("\nCipher Auth Encryption case %d failed", cur_td->test_idx); err = -1; } else { @@ -1209,9 +1288,10 @@ test_inline_macsec_encap_all(void) } all_err += err; } - printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err); + printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__, + size + all_err - skipped, -all_err, skipped); - return all_err; + return skipped > 0 ? TEST_SKIPPED : all_err; } static int @@ -1220,6 +1300,7 @@ test_inline_macsec_decap_all(void) const struct mcs_test_vector *cur_td; struct mcs_test_opts opts = {0}; int err, all_err = 0; + int skipped = 0; int i, size; opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT; @@ -1232,7 +1313,11 @@ test_inline_macsec_decap_all(void) for (i = 0; i < size; i++) { cur_td = &list_mcs_cipher_vectors[i]; err = test_macsec(&cur_td, MCS_DECAP, &opts); - if (err) { + if (err == TEST_SKIPPED) { + printf("Cipher Auth Decryption case %d skipped\n", cur_td->test_idx); + skipped += 1; + err = 0; + } else if (err) { printf("\nCipher Auth Decryption case %d failed", cur_td->test_idx); err = -1; } else { @@ -1241,9 +1326,10 @@ test_inline_macsec_decap_all(void) } all_err += err; } - printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err); + printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__, + size + all_err - skipped, -all_err, skipped); - return all_err; + return skipped > 0 ? TEST_SKIPPED : all_err; } static int @@ -1252,6 +1338,7 @@ test_inline_macsec_auth_only_all(void) const struct mcs_test_vector *cur_td; struct mcs_test_opts opts = {0}; int err, all_err = 0; + int skipped = 0; int i, size; opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT; @@ -1266,7 +1353,11 @@ test_inline_macsec_auth_only_all(void) for (i = 0; i < size; i++) { cur_td = &list_mcs_integrity_vectors[i]; err = test_macsec(&cur_td, MCS_AUTH_ONLY, &opts); - if (err) { + if (err == TEST_SKIPPED) { + printf("Auth Generate case %d skipped\n", cur_td->test_idx); + skipped += 1; + err = 0; + } else if (err) { printf("\nAuth Generate case %d failed", cur_td->test_idx); err = -1; } else { @@ -1275,9 +1366,10 @@ test_inline_macsec_auth_only_all(void) } all_err += err; } - printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err); + printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__, + size + all_err - skipped, -all_err, skipped); - return all_err; + return skipped > 0 ? TEST_SKIPPED : all_err; } static int @@ -1286,6 +1378,7 @@ test_inline_macsec_verify_only_all(void) const struct mcs_test_vector *cur_td; struct mcs_test_opts opts = {0}; int err, all_err = 0; + int skipped = 0; int i, size; opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT; @@ -1299,7 +1392,11 @@ test_inline_macsec_verify_only_all(void) for (i = 0; i < size; i++) { cur_td = &list_mcs_integrity_vectors[i]; err = test_macsec(&cur_td, MCS_VERIFY_ONLY, &opts); - if (err) { + if (err == TEST_SKIPPED) { + printf("Auth Verify case %d skipped\n", cur_td->test_idx); + skipped += 1; + err = 0; + } else if (err) { printf("\nAuth Verify case %d failed", cur_td->test_idx); err = -1; } else { @@ -1308,9 +1405,10 @@ test_inline_macsec_verify_only_all(void) } all_err += err; } - printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err); + printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__, + size + all_err - skipped, -all_err, skipped); - return all_err; + return skipped > 0 ? TEST_SKIPPED : all_err; } static int @@ -1319,6 +1417,7 @@ test_inline_macsec_encap_decap_all(void) const struct mcs_test_vector *cur_td; struct mcs_test_opts opts = {0}; int err, all_err = 0; + int skipped = 0; int i, size; opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT; @@ -1334,7 +1433,11 @@ test_inline_macsec_encap_decap_all(void) for (i = 0; i < size; i++) { cur_td = &list_mcs_cipher_vectors[i]; err = test_macsec(&cur_td, MCS_ENCAP_DECAP, &opts); - if (err) { + if (err == TEST_SKIPPED) { + printf("Cipher Auth Encap-decap case %d skipped\n", cur_td->test_idx); + skipped += 1; + err = 0; + } else if (err) { printf("\nCipher Auth Encap-decap case %d failed", cur_td->test_idx); err = -1; } else { @@ -1343,9 +1446,10 @@ test_inline_macsec_encap_decap_all(void) } all_err += err; } - printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err); + printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__, + size + all_err - skipped, -all_err, skipped); - return all_err; + return skipped > 0 ? TEST_SKIPPED : all_err; } @@ -1355,6 +1459,7 @@ test_inline_macsec_auth_verify_all(void) const struct mcs_test_vector *cur_td; struct mcs_test_opts opts = {0}; int err, all_err = 0; + int skipped = 0; int i, size; opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT; @@ -1369,7 +1474,11 @@ test_inline_macsec_auth_verify_all(void) for (i = 0; i < size; i++) { cur_td = &list_mcs_integrity_vectors[i]; err = test_macsec(&cur_td, MCS_AUTH_VERIFY, &opts); - if (err) { + if (err == TEST_SKIPPED) { + printf("Auth Generate + Verify case %d skipped\n", cur_td->test_idx); + skipped += 1; + err = 0; + } else if (err) { printf("\nAuth Generate + Verify case %d failed", cur_td->test_idx); err = -1; } else { @@ -1378,9 +1487,10 @@ test_inline_macsec_auth_verify_all(void) } all_err += err; } - printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err); + printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__, + size + all_err - skipped, -all_err, skipped); - return all_err; + return skipped > 0 ? TEST_SKIPPED : all_err; } static int @@ -1418,7 +1528,9 @@ test_inline_macsec_multi_flow(void) tv[i] = (const struct mcs_test_vector *)&iter[i]; } err = test_macsec(tv, MCS_ENCAP_DECAP, &opts); - if (err) { + if (err == TEST_SKIPPED) { + printf("Cipher Auth Encryption multi flow skipped\n"); + } else if (err) { printf("\nCipher Auth Encryption multi flow failed"); err = -1; } else { @@ -1434,6 +1546,7 @@ test_inline_macsec_with_vlan(void) const struct mcs_test_vector *cur_td; struct mcs_test_opts opts = {0}; int err, all_err = 0; + int skipped = 0; int i, size; opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT; @@ -1456,7 +1569,11 @@ test_inline_macsec_with_vlan(void) opts.nb_vlan = 2; } err = test_macsec(&cur_td, MCS_ENCAP, &opts); - if (err) { + if (err == TEST_SKIPPED) { + printf("VLAN Encap case %d skipped", cur_td->test_idx); + skipped += 1; + err = 0; + } else if (err) { printf("\n VLAN Encap case %d failed", cur_td->test_idx); err = -1; } else { @@ -1477,7 +1594,11 @@ test_inline_macsec_with_vlan(void) opts.nb_vlan = 2; } err = test_macsec(&cur_td, MCS_DECAP, &opts); - if (err) { + if (err == TEST_SKIPPED) { + printf("VLAN Decap case %d skipped", cur_td->test_idx); + skipped += 1; + err = 0; + } else if (err) { printf("\n VLAN Decap case %d failed", cur_td->test_idx); err = -1; } else { @@ -1487,8 +1608,9 @@ test_inline_macsec_with_vlan(void) all_err += err; } - printf("\n%s: Success: %d, Failure: %d\n", __func__, (2 * size) + all_err, -all_err); - return all_err; + printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__, + 2 * size + all_err - skipped, -all_err, skipped); + return skipped > 0 ? TEST_SKIPPED : all_err; } static int @@ -1497,6 +1619,7 @@ test_inline_macsec_pkt_drop(void) const struct mcs_test_vector *cur_td; struct mcs_test_opts opts = {0}; int err, all_err = 0; + int skipped = 0; int i, size; opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT; @@ -1512,7 +1635,11 @@ test_inline_macsec_pkt_drop(void) for (i = 0; i < size; i++) { cur_td = &list_mcs_err_cipher_vectors[i]; err = test_macsec(&cur_td, MCS_DECAP, &opts); - if (err) { + if (err == TEST_SKIPPED) { + printf("Packet drop case %d skipped", cur_td->test_idx); + skipped += 1; + err = 0; + } else if (err) { printf("\nPacket drop case %d passed", cur_td->test_idx); err = 0; } else { @@ -1521,9 +1648,10 @@ test_inline_macsec_pkt_drop(void) } all_err += err; } - printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err); + printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__, + size + all_err - skipped, -all_err, skipped); - return all_err; + return skipped > 0 ? TEST_SKIPPED : all_err; } static int @@ -1532,6 +1660,7 @@ test_inline_macsec_untagged_rx(void) const struct mcs_test_vector *cur_td; struct mcs_test_opts opts = {0}; int err, all_err = 0; + int skipped = 0; int i, size; opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT; @@ -1547,7 +1676,10 @@ test_inline_macsec_untagged_rx(void) for (i = 0; i < size; i++) { cur_td = &list_mcs_untagged_cipher_vectors[i]; err = test_macsec(&cur_td, MCS_DECAP, &opts); - if (err) + if (err == TEST_SKIPPED) { + skipped += 1; + err = 0; + } else if (err) err = 0; else err = -1; @@ -1559,16 +1691,20 @@ test_inline_macsec_untagged_rx(void) for (i = 0; i < size; i++) { cur_td = &list_mcs_untagged_cipher_vectors[i]; err = test_macsec(&cur_td, MCS_DECAP, &opts); - if (err) + if (err == TEST_SKIPPED) { + skipped += 1; + err = 0; + } else if (err) err = 0; else err = -1; all_err += err; } - printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err); + printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__, + 2 * size + all_err - skipped, -all_err, skipped); - return all_err; + return skipped > 0 ? TEST_SKIPPED : all_err; } static int @@ -1577,6 +1713,7 @@ test_inline_macsec_bad_tag_rx(void) const struct mcs_test_vector *cur_td; struct mcs_test_opts opts = {0}; int err, all_err = 0; + int skipped = 0; int i, size; opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT; @@ -1592,7 +1729,10 @@ test_inline_macsec_bad_tag_rx(void) for (i = 0; i < size; i++) { cur_td = &list_mcs_bad_tag_vectors[i]; err = test_macsec(&cur_td, MCS_DECAP, &opts); - if (err) + if (err == TEST_SKIPPED) { + skipped += 1; + err = 0; + } else if (err) err = -1; else err = 0; @@ -1600,9 +1740,10 @@ test_inline_macsec_bad_tag_rx(void) all_err += err; } - printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err); + printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__, + size + all_err - skipped, -all_err, skipped); - return all_err; + return skipped > 0 ? TEST_SKIPPED : all_err; } static int @@ -1611,6 +1752,7 @@ test_inline_macsec_sa_not_in_use(void) const struct mcs_test_vector *cur_td; struct mcs_test_opts opts = {0}; int err, all_err = 0; + int skipped = 0; int i, size; opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT; @@ -1626,7 +1768,10 @@ test_inline_macsec_sa_not_in_use(void) for (i = 0; i < size; i++) { cur_td = &list_mcs_cipher_vectors[i]; err = test_macsec(&cur_td, MCS_DECAP, &opts); - if (err) + if (err == TEST_SKIPPED) { + skipped += 1; + err = 0; + } else if (err) err = -1; else err = 0; @@ -1634,9 +1779,10 @@ test_inline_macsec_sa_not_in_use(void) all_err += err; } - printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err); + printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__, + size + all_err - skipped, -all_err, skipped); - return all_err; + return skipped > 0 ? TEST_SKIPPED : all_err; } static int @@ -1645,6 +1791,7 @@ test_inline_macsec_decap_stats(void) const struct mcs_test_vector *cur_td; struct mcs_test_opts opts = {0}; int err, all_err = 0; + int skipped = 0; int i, size; opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT; @@ -1660,7 +1807,11 @@ test_inline_macsec_decap_stats(void) for (i = 0; i < size; i++) { cur_td = &list_mcs_cipher_vectors[i]; err = test_macsec(&cur_td, MCS_DECAP, &opts); - if (err) { + if (err == TEST_SKIPPED) { + printf("Decap stats case %d skipped\n", cur_td->test_idx); + skipped += 1; + err = 0; + } else if (err) { printf("\nDecap stats case %d failed", cur_td->test_idx); err = -1; } else { @@ -1669,9 +1820,10 @@ test_inline_macsec_decap_stats(void) } all_err += err; } - printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err); + printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__, + size + all_err - skipped, -all_err, skipped); - return all_err; + return skipped > 0 ? TEST_SKIPPED : all_err; } static int @@ -1680,6 +1832,7 @@ test_inline_macsec_verify_only_stats(void) const struct mcs_test_vector *cur_td; struct mcs_test_opts opts = {0}; int err, all_err = 0; + int skipped = 0; int i, size; opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT; @@ -1695,7 +1848,11 @@ test_inline_macsec_verify_only_stats(void) for (i = 0; i < size; i++) { cur_td = &list_mcs_integrity_vectors[i]; err = test_macsec(&cur_td, MCS_VERIFY_ONLY, &opts); - if (err) { + if (err == TEST_SKIPPED) { + printf("Verify only stats case %d skipped\n", cur_td->test_idx); + skipped += 1; + err = 0; + } else if (err) { printf("\nVerify only stats case %d failed", cur_td->test_idx); err = -1; } else { @@ -1704,9 +1861,10 @@ test_inline_macsec_verify_only_stats(void) } all_err += err; } - printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err); + printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__, + size + all_err - skipped, -all_err, skipped); - return all_err; + return skipped > 0 ? TEST_SKIPPED : all_err; } static int @@ -1715,6 +1873,7 @@ test_inline_macsec_pkts_invalid_stats(void) const struct mcs_test_vector *cur_td; struct mcs_test_opts opts = {0}; int err, all_err = 0; + int skipped = 0; int i, size; opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT; @@ -1729,15 +1888,19 @@ test_inline_macsec_pkts_invalid_stats(void) for (i = 0; i < size; i++) { cur_td = &list_mcs_err_cipher_vectors[i]; err = test_macsec(&cur_td, MCS_DECAP, &opts); - if (err) + if (err == TEST_SKIPPED) { + skipped += 1; + err = 0; + } else if (err) err = 0; else err = -1; all_err += err; } - printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err); - return all_err; + printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__, + size + all_err - skipped, -all_err, skipped); + return skipped > 0 ? TEST_SKIPPED : all_err; } static int @@ -1746,6 +1909,7 @@ test_inline_macsec_pkts_unchecked_stats(void) const struct mcs_test_vector *cur_td; struct mcs_test_opts opts = {0}; int err, all_err = 0; + int skipped = 0; int i, size; opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_DISABLE; @@ -1761,7 +1925,10 @@ test_inline_macsec_pkts_unchecked_stats(void) for (i = 0; i < size; i++) { cur_td = &list_mcs_integrity_vectors[i]; err = test_macsec(&cur_td, MCS_VERIFY_ONLY, &opts); - if (err) + if (err == TEST_SKIPPED) { + skipped += 1; + err = 0; + } else if (err) err = -1; else err = 0; @@ -1769,8 +1936,9 @@ test_inline_macsec_pkts_unchecked_stats(void) all_err += err; } - printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err); - return all_err; + printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__, + size + all_err - skipped, -all_err, skipped); + return skipped > 0 ? TEST_SKIPPED : all_err; } static int @@ -1779,6 +1947,7 @@ test_inline_macsec_out_pkts_untagged(void) const struct mcs_test_vector *cur_td; struct mcs_test_opts opts = {0}; int err, all_err = 0; + int skipped = 0; int i, size; opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT; @@ -1794,7 +1963,10 @@ test_inline_macsec_out_pkts_untagged(void) for (i = 0; i < size; i++) { cur_td = &list_mcs_cipher_vectors[i]; err = test_macsec(&cur_td, MCS_ENCAP, &opts); - if (err) + if (err == TEST_SKIPPED) { + skipped += 1; + err = 0; + } else if (err) err = -1; else err = 0; @@ -1802,8 +1974,9 @@ test_inline_macsec_out_pkts_untagged(void) all_err += err; } - printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err); - return all_err; + printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__, + size + all_err - skipped, -all_err, skipped); + return skipped > 0 ? TEST_SKIPPED : all_err; } static int @@ -1812,6 +1985,7 @@ test_inline_macsec_out_pkts_toolong(void) const struct mcs_test_vector *cur_td; struct mcs_test_opts opts = {0}; int err, all_err = 0; + int skipped = 0; int i, size; opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_NO_DISCARD; @@ -1827,7 +2001,10 @@ test_inline_macsec_out_pkts_toolong(void) for (i = 0; i < size; i++) { cur_td = &list_mcs_cipher_vectors[i]; err = test_macsec(&cur_td, MCS_ENCAP, &opts); - if (err) + if (err == TEST_SKIPPED) { + skipped += 1; + err = 0; + } else if (err) err = -1; else err = 0; @@ -1835,8 +2012,9 @@ test_inline_macsec_out_pkts_toolong(void) all_err += err; } - printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err); - return all_err; + printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__, + size + all_err - skipped, -all_err, skipped); + return skipped > 0 ? TEST_SKIPPED : all_err; } static int @@ -1845,6 +2023,7 @@ test_inline_macsec_encap_stats(void) const struct mcs_test_vector *cur_td; struct mcs_test_opts opts = {0}; int err, all_err = 0; + int skipped = 0; int i, size; opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT; @@ -1860,15 +2039,20 @@ test_inline_macsec_encap_stats(void) for (i = 0; i < size; i++) { cur_td = &list_mcs_cipher_vectors[i]; err = test_macsec(&cur_td, MCS_ENCAP, &opts); - if (err) + if (err == TEST_SKIPPED) { + skipped += 1; + err = 0; + } else if (err) err = -1; else err = 0; + all_err += err; } - printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err); - return all_err; + printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__, + size + all_err - skipped, -all_err, skipped); + return skipped > 0 ? TEST_SKIPPED : all_err; } static int @@ -1877,6 +2061,7 @@ test_inline_macsec_auth_only_stats(void) const struct mcs_test_vector *cur_td; struct mcs_test_opts opts = {0}; int err, all_err = 0; + int skipped = 0; int i, size; opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT; @@ -1892,15 +2077,20 @@ test_inline_macsec_auth_only_stats(void) for (i = 0; i < size; i++) { cur_td = &list_mcs_integrity_vectors[i]; err = test_macsec(&cur_td, MCS_AUTH_ONLY, &opts); - if (err) + if (err == TEST_SKIPPED) { + skipped += 1; + err = 0; + } else if (err) err = -1; else err = 0; + all_err += err; } - printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err); - return all_err; + printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__, + size + all_err - skipped, -all_err, skipped); + return skipped > 0 ? TEST_SKIPPED : all_err; } static int @@ -1909,6 +2099,7 @@ test_inline_macsec_interrupts_all(void) struct mcs_err_vector err_vector = {0}; const struct mcs_test_vector *cur_td; struct mcs_test_opts opts = {0}; + int skipped = 0; int i, size; int err, all_err = 0; enum rte_eth_event_macsec_subtype subtype[] = { @@ -1937,8 +2128,13 @@ test_inline_macsec_interrupts_all(void) for (i = 0; i < size; i++) { cur_td = &list_mcs_intr_test_vectors[i]; err = test_macsec(&cur_td, MCS_DECAP, &opts); - if ((err_vector.event == RTE_ETH_EVENT_MACSEC_SECTAG_VAL_ERR) && - (err_vector.event_subtype == subtype[i])) { + if (err == TEST_SKIPPED) { + printf("Sectag val err interrupt test case %d skipped", + cur_td->test_idx); + skipped += 1; + err = 0; + } else if ((err_vector.event == RTE_ETH_EVENT_MACSEC_SECTAG_VAL_ERR) && + (err_vector.event_subtype == subtype[i])) { printf("\nSectag val err interrupt test case %d passed", cur_td->test_idx); err = 0; @@ -1952,8 +2148,9 @@ test_inline_macsec_interrupts_all(void) rte_eth_dev_callback_unregister(port_id, RTE_ETH_EVENT_MACSEC, test_macsec_event_callback, &err_vector); - printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err); - return all_err; + printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__, + size + all_err - skipped, -all_err, skipped); + return skipped > 0 ? TEST_SKIPPED : all_err; } static int @@ -1962,6 +2159,7 @@ test_inline_macsec_rekey_tx(void) const struct mcs_test_vector *cur_td; struct mcs_test_opts opts = {0}; int err, all_err = 0; + int skipped = 0; int i, size; opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT; @@ -1979,7 +2177,11 @@ test_inline_macsec_rekey_tx(void) cur_td = &list_mcs_rekey_vectors[i]; opts.rekey_td = &list_mcs_rekey_vectors[++i]; err = test_macsec(&cur_td, MCS_ENCAP, &opts); - if (err) { + if (err == TEST_SKIPPED) { + printf("Tx hw rekey test case %d skipped\n", i); + skipped += 1; + err = 0; + } else if (err) { printf("Tx hw rekey test case %d failed\n", i); err = -1; } else { @@ -1989,8 +2191,9 @@ test_inline_macsec_rekey_tx(void) all_err += err; } - printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err); - return all_err; + printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__, + size / 2 + all_err - skipped, -all_err, skipped); + return skipped > 0 ? TEST_SKIPPED : all_err; } static int @@ -1999,6 +2202,7 @@ test_inline_macsec_rekey_rx(void) const struct mcs_test_vector *cur_td; struct mcs_test_opts opts = {0}; int err, all_err = 0; + int skipped = 0; int i, size; opts.val_frames = RTE_SECURITY_MACSEC_VALIDATE_STRICT; @@ -2014,7 +2218,11 @@ test_inline_macsec_rekey_rx(void) cur_td = &list_mcs_rekey_vectors[i]; opts.rekey_td = &list_mcs_rekey_vectors[++i]; err = test_macsec(&cur_td, MCS_DECAP, &opts); - if (err) { + if (err == TEST_SKIPPED) { + printf("Rx rekey test case %d skipped\n", i); + skipped += 1; + err = 0; + } else if (err) { printf("Rx rekey test case %d failed\n", i); err = -1; } else { @@ -2024,8 +2232,9 @@ test_inline_macsec_rekey_rx(void) all_err += err; } - printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err); - return all_err; + printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__, + size / 2 + all_err - skipped, -all_err, skipped); + return skipped > 0 ? TEST_SKIPPED : all_err; } static int @@ -2035,6 +2244,7 @@ test_inline_macsec_anti_replay(void) struct mcs_test_opts opts = {0}; uint16_t replay_win_sz[2] = {32, 0}; int err, all_err = 0; + int skipped = 0; int i, size; int j; @@ -2055,21 +2265,30 @@ test_inline_macsec_anti_replay(void) opts.ar_td[1] = &list_mcs_anti_replay_vectors[++i]; opts.ar_td[2] = &list_mcs_anti_replay_vectors[++i]; err = test_macsec(&cur_td, MCS_DECAP, &opts); - if (err) { - printf("Replay window: %u, Anti replay test case %d failed\n", - opts.replay_win_sz, i); + if (err == TEST_SKIPPED) { + printf("Replay window: %u, Anti replay test " + "case %d skipped\n", opts.replay_win_sz, + i); + skipped += 1; + err = 0; + } else if (err) { + printf("Replay window: %u, Anti replay test " + "case %d failed\n", opts.replay_win_sz, + i); err = -1; } else { - printf("Replay window: %u, Anti replay test case %d passed\n", - opts.replay_win_sz, i); + printf("Replay window: %u, Anti replay test " + "case %d passed\n", opts.replay_win_sz, + i); err = 0; } all_err += err; } } - printf("\n%s: Success: %d, Failure: %d\n", __func__, size + all_err, -all_err); - return all_err; + printf("\n%s: Success: %d, Failure: %d, Skipped: %d\n", __func__, + size / 2 + all_err - skipped, -all_err, skipped); + return skipped > 0 ? TEST_SKIPPED : all_err; } static int