From patchwork Mon Sep 6 14:58:25 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 98083 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 078EAA0C54; Mon, 6 Sep 2021 16:58:56 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id DD643410FE; Mon, 6 Sep 2021 16:58:55 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 9315D41102 for ; Mon, 6 Sep 2021 16:58:54 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 186Cbskb021315; Mon, 6 Sep 2021 07:58:54 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=0eeJQoICuWBMfVFnThmPe6Vh+vi4V/DXg6o8LfpSDQA=; b=emaeWPrRrHAfwXTmmgaGO6XCzvOjTESd37HJzN5bN6pVnue9FgSGIx77e0gHL0HBnilh 7WSuPLCTjTmE4kEHtvoDYnRYDhLIqgdfLaGGvdDbqYn4Q7TilDI3e9Us0MLVMiJgxvHJ pW9EgfIpES80zzeDJYKayXVyU7r400xYQhPAjlWTT5Qv8Mnn+5gnVLOmJlOAXqVSEr3d JPtxsP7131L/vbRuQOwRyExG3Qjf2CBcfre9aHMN3xHMuVCbtMsW+uh1QCxoIf1ZHgJx Xgh8xKZbEilqxuVnl9Yji9nBWEFwP+KMcTvLwweMWq3gFjXlsU8vxpXKYxMTXpmI4b2N 9w== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0b-0016f401.pphosted.com with ESMTP id 3aw2sp319s-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Mon, 06 Sep 2021 07:58:53 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Mon, 6 Sep 2021 07:58:51 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Mon, 6 Sep 2021 07:58:51 -0700 Received: from HY-LT1002.marvell.com (unknown [10.193.70.144]) by maili.marvell.com (Postfix) with ESMTP id 6ADBD3F709A; Mon, 6 Sep 2021 07:58:46 -0700 (PDT) From: Anoob Joseph To: Akhil Goyal , Declan Doherty , Fan Zhang , "Konstantin Ananyev" CC: Anoob Joseph , Jerin Jacob , Archana Muniganti , Tejasree Kondoj , Hemant Agrawal , "Radu Nicolau" , Ciara Power , Gagandeep Singh , Date: Mon, 6 Sep 2021 20:28:25 +0530 Message-ID: <1630940307-78-2-git-send-email-anoobj@marvell.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1630940307-78-1-git-send-email-anoobj@marvell.com> References: <1629093590-115-1-git-send-email-anoobj@marvell.com> <1630940307-78-1-git-send-email-anoobj@marvell.com> MIME-Version: 1.0 X-Proofpoint-GUID: k_QYL-PAbr_lGxXhnyVFN1wnnr2oxDKB X-Proofpoint-ORIG-GUID: k_QYL-PAbr_lGxXhnyVFN1wnnr2oxDKB X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-09-06_06,2021-09-03_01,2020-04-07_01 Subject: [dpdk-dev] [PATCH v2 1/3] security: support user specified IV X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Enable user to provide IV to be used per security operation. This would be used with lookaside protocol offload for comparing against known vectors. By default, PMD would generate IV internally and would be random. Signed-off-by: Anoob Joseph Acked-by: Akhil Goyal --- doc/guides/rel_notes/release_21_11.rst | 5 +++++ lib/security/rte_security.h | 14 ++++++++++++++ 2 files changed, 19 insertions(+) diff --git a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_notes/release_21_11.rst index 83da727..a1813bd 100644 --- a/doc/guides/rel_notes/release_21_11.rst +++ b/doc/guides/rel_notes/release_21_11.rst @@ -105,6 +105,11 @@ API Changes Also, make sure to start the actual text at the margin. ======================================================= +* security: add IPsec SA option to disable IV generation + + * Added IPsec SA option to disable IV generation to allow known vector + tests as well as usage of application provided IV on supported PMDs. + ABI Changes ----------- diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h index 88d31de..b4b6776 100644 --- a/lib/security/rte_security.h +++ b/lib/security/rte_security.h @@ -181,6 +181,20 @@ struct rte_security_ipsec_sa_options { * * 0: Disable per session security statistics collection for this SA. */ uint32_t stats : 1; + + /** Disable IV generation in PMD + * + * * 1: Disable IV generation in PMD. When disabled, IV provided in + * rte_crypto_op will be used by the PMD. + * + * * 0: Enable IV generation in PMD. When enabled, PMD generated random + * value would be used and application is not required to provide + * IV. + * + * Note: For inline cases, IV generation would always need to be handled + * by the PMD. + */ + uint32_t iv_gen_disable : 1; }; /** IPSec security association direction */ From patchwork Mon Sep 6 14:58:26 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 98084 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 7ED66A0C54; Mon, 6 Sep 2021 16:59:03 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 64F634111F; Mon, 6 Sep 2021 16:59:03 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id F033C410F8 for ; Mon, 6 Sep 2021 16:59:01 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 186E6M86022984; Mon, 6 Sep 2021 07:59:01 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=D5UC09JoMxnf5BNcQJF0VxRSkJ+oUHi21vHLA6TlCDo=; b=H9UnIjWbRQn7TSD5VlpCsek3MYIC+UZfhoj7yXbwz/nODafi2sqmaXRDzwxfpHg5e0tw p643SrzQHt7jYhI9MUqd9YWcx3owMXI41ZTuJnLbsXN4TorZCADI0ml3+dxMKuLvAxXh j0wW/Z6XDq+R8ugRcQ2Vf5Jz0389rV0JcNr6eN0X/v2+Rdw7EcwnEqR0HZsH83f5Arp1 P7Rx3/Ykv6/N+EhavXQyziUE7rzGRJZ8Xth/twpCyGUS2NVk3KYUFbpL4vMfSaHXryCK dTZzm/GIsmk7xLj5FTh2ZI8WXRjJDqaNPNqu0Mm56OrE3JChp5YyuaBA4ot2h/wDBxQX ww== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0a-0016f401.pphosted.com with ESMTP id 3aw9d2tdgd-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Mon, 06 Sep 2021 07:59:01 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Mon, 6 Sep 2021 07:58:59 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Mon, 6 Sep 2021 07:58:59 -0700 Received: from HY-LT1002.marvell.com (unknown [10.193.70.144]) by maili.marvell.com (Postfix) with ESMTP id 2068B3F709A; Mon, 6 Sep 2021 07:58:53 -0700 (PDT) From: Anoob Joseph To: Akhil Goyal , Declan Doherty , Fan Zhang , "Konstantin Ananyev" CC: Tejasree Kondoj , Jerin Jacob , Archana Muniganti , Hemant Agrawal , Radu Nicolau , Ciara Power , Gagandeep Singh , , Anoob Joseph Date: Mon, 6 Sep 2021 20:28:26 +0530 Message-ID: <1630940307-78-3-git-send-email-anoobj@marvell.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1630940307-78-1-git-send-email-anoobj@marvell.com> References: <1629093590-115-1-git-send-email-anoobj@marvell.com> <1630940307-78-1-git-send-email-anoobj@marvell.com> MIME-Version: 1.0 X-Proofpoint-GUID: sKn_7UW-0IMbFRtvyRiCa_fpFc4R8vSg X-Proofpoint-ORIG-GUID: sKn_7UW-0IMbFRtvyRiCa_fpFc4R8vSg X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-09-06_06,2021-09-03_01,2020-04-07_01 Subject: [dpdk-dev] [PATCH v2 2/3] crypto/cnxk: add IV in SA in lookaside IPsec debug mode X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" From: Tejasree Kondoj Adding IV in SA in lookaside IPsec debug mode. It helps to verify lookaside PMD using known outbound vectors in lookaside autotest. Signed-off-by: Anoob Joseph Signed-off-by: Tejasree Kondoj Acked-by: Akhil Goyal --- drivers/crypto/cnxk/cn10k_ipsec.c | 16 +++++++++ drivers/crypto/cnxk/cn10k_ipsec.h | 2 ++ drivers/crypto/cnxk/cn10k_ipsec_la_ops.h | 44 +++++++++++++++++++++++ drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c | 29 +++++++++++++-- drivers/crypto/cnxk/meson.build | 6 ++++ 5 files changed, 95 insertions(+), 2 deletions(-) diff --git a/drivers/crypto/cnxk/cn10k_ipsec.c b/drivers/crypto/cnxk/cn10k_ipsec.c index 5c57cf2..ebb2a7e 100644 --- a/drivers/crypto/cnxk/cn10k_ipsec.c +++ b/drivers/crypto/cnxk/cn10k_ipsec.c @@ -57,6 +57,22 @@ cn10k_ipsec_outb_sa_create(struct roc_cpt *roc_cpt, sa->inst.w7 = ipsec_cpt_inst_w7_get(roc_cpt, sa); +#ifdef LA_IPSEC_DEBUG + /* Use IV from application in debug mode */ + if (ipsec_xfrm->options.iv_gen_disable == 1) { + out_sa->w2.s.iv_src = ROC_IE_OT_SA_IV_SRC_FROM_SA; + if (crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_AEAD) { + sa->iv_offset = crypto_xfrm->aead.iv.offset; + sa->iv_length = crypto_xfrm->aead.iv.length; + } + } +#else + if (ipsec_xfrm->options.iv_gen_disable != 0) { + plt_err("Application provided IV not supported"); + return -ENOTSUP; + } +#endif + /* Get Rlen calculation data */ ret = cnxk_ipsec_outb_rlens_get(&rlens, ipsec_xfrm, crypto_xfrm); if (ret) diff --git a/drivers/crypto/cnxk/cn10k_ipsec.h b/drivers/crypto/cnxk/cn10k_ipsec.h index bc52c60..6f974b7 100644 --- a/drivers/crypto/cnxk/cn10k_ipsec.h +++ b/drivers/crypto/cnxk/cn10k_ipsec.h @@ -21,6 +21,8 @@ struct cn10k_ipsec_sa { /** Pre-populated CPT inst words */ struct cnxk_cpt_inst_tmpl inst; uint16_t max_extended_len; + uint16_t iv_offset; + uint8_t iv_length; }; struct cn10k_sec_session { diff --git a/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h b/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h index fe91638..862476a 100644 --- a/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h +++ b/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h @@ -12,6 +12,41 @@ #include "cn10k_ipsec.h" #include "cnxk_cryptodev.h" +static inline void +ipsec_po_sa_iv_set(struct cn10k_ipsec_sa *sess, struct rte_crypto_op *cop) +{ + uint64_t *iv = &sess->out_sa.iv.u64[0]; + uint64_t *tmp_iv; + + memcpy(iv, rte_crypto_op_ctod_offset(cop, uint8_t *, sess->iv_offset), + 16); + tmp_iv = (uint64_t *)iv; + *tmp_iv = rte_be_to_cpu_64(*tmp_iv); + + tmp_iv = (uint64_t *)(iv + 1); + *tmp_iv = rte_be_to_cpu_64(*tmp_iv); +} + +static inline void +ipsec_po_sa_aes_gcm_iv_set(struct cn10k_ipsec_sa *sess, + struct rte_crypto_op *cop) +{ + uint8_t *iv = &sess->out_sa.iv.s.iv_dbg1[0]; + uint32_t *tmp_iv; + + memcpy(iv, rte_crypto_op_ctod_offset(cop, uint8_t *, sess->iv_offset), + 4); + tmp_iv = (uint32_t *)iv; + *tmp_iv = rte_be_to_cpu_32(*tmp_iv); + + iv = &sess->out_sa.iv.s.iv_dbg2[0]; + memcpy(iv, + rte_crypto_op_ctod_offset(cop, uint8_t *, sess->iv_offset + 4), + 4); + tmp_iv = (uint32_t *)iv; + *tmp_iv = rte_be_to_cpu_32(*tmp_iv); +} + static __rte_always_inline int process_outb_sa(struct rte_crypto_op *cop, struct cn10k_ipsec_sa *sess, struct cpt_inst_s *inst) @@ -24,6 +59,15 @@ process_outb_sa(struct rte_crypto_op *cop, struct cn10k_ipsec_sa *sess, return -ENOMEM; } +#ifdef LA_IPSEC_DEBUG + if (sess->out_sa.w2.s.iv_src == ROC_IE_OT_SA_IV_SRC_FROM_SA) { + if (sess->out_sa.w2.s.enc_type == ROC_IE_OT_SA_ENC_AES_GCM) + ipsec_po_sa_aes_gcm_iv_set(sess, cop); + else + ipsec_po_sa_iv_set(sess, cop); + } +#endif + /* Prepare CPT instruction */ inst->w4.u64 = sess->inst.w4; inst->w4.s.dlen = rte_pktmbuf_pkt_len(m_src); diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c index c4f7824..4b97639 100644 --- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c +++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c @@ -807,7 +807,7 @@ static const struct rte_security_capability sec_caps_templ[] = { .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, .direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS, - .options = { 0 } + .options = { 0 }, }, .crypto_capabilities = NULL, }, @@ -818,7 +818,7 @@ static const struct rte_security_capability sec_caps_templ[] = { .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS, - .options = { 0 } + .options = { 0 }, }, .crypto_capabilities = NULL, }, @@ -913,6 +913,24 @@ cnxk_sec_caps_update(struct rte_security_capability *sec_cap) sec_cap->ipsec.options.udp_encap = 1; } +static void +cn10k_sec_caps_update(struct rte_security_capability *sec_cap) +{ + if (sec_cap->ipsec.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) { +#ifdef LA_IPSEC_DEBUG + sec_cap->ipsec.options.iv_gen_disable = 1; +#endif + } +} + +static void +cn9k_sec_caps_update(struct rte_security_capability *sec_cap) +{ + if (sec_cap->ipsec.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) { + sec_cap->ipsec.options.iv_gen_disable = 1; + } +} + void cnxk_cpt_caps_populate(struct cnxk_cpt_vf *vf) { @@ -928,6 +946,13 @@ cnxk_cpt_caps_populate(struct cnxk_cpt_vf *vf) vf->sec_caps[i].crypto_capabilities = vf->sec_crypto_caps; cnxk_sec_caps_update(&vf->sec_caps[i]); + + if (roc_model_is_cn10k()) + cn10k_sec_caps_update(&vf->sec_caps[i]); + + if (roc_model_is_cn9k()) + cn9k_sec_caps_update(&vf->sec_caps[i]); + } } diff --git a/drivers/crypto/cnxk/meson.build b/drivers/crypto/cnxk/meson.build index e40d132..437d208 100644 --- a/drivers/crypto/cnxk/meson.build +++ b/drivers/crypto/cnxk/meson.build @@ -24,3 +24,9 @@ sources = files( deps += ['bus_pci', 'common_cnxk', 'security', 'eventdev'] includes += include_directories('../../../lib/net') + +if get_option('buildtype').contains('debug') + cflags += [ '-DLA_IPSEC_DEBUG' ] +else + cflags += [ '-ULA_IPSEC_DEBUG' ] +endif From patchwork Mon Sep 6 14:58:27 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 98085 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 9D93AA0C54; Mon, 6 Sep 2021 16:59:12 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 8A68141120; Mon, 6 Sep 2021 16:59:12 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 94A6B4111D for ; Mon, 6 Sep 2021 16:59:11 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 186DrUFW023146; Mon, 6 Sep 2021 07:59:10 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=8Jqczxhka6J8pVuvu464Edya7VvyRNQkt5vHlX0QK64=; b=MjxAcecjirGxzu1EktxZuSODDxb0toBIm/MXr4TlWAFXqKtyOHgI0OCBOaldsg7m14ZR x8BVvGtzod7slmuRzqdIcfk5PXMlmma+/pdOSZugOLbilqJhDi8VGUUXCXtLcYu123Fh dWb7xn38D+XHIqg0i9mATTtxpFI5fMHtMAq1ECIp8s+EPBjJMkIdQIzHrbwXAUGy9GAi qG7W/hAqIulZ0SW+8vDKS5eJlMyrfKID8yTvp9QuA8QmCANhr6e74Hl9JkX/2l4xkvI2 Z4AcWX2PXbwhfOVYM8s8Fez601U9JJGw3aC/Th1xlKlHXYABX5B3BZyLrv0UnZZeCply +w== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0a-0016f401.pphosted.com with ESMTP id 3aw9d2tdhj-2 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Mon, 06 Sep 2021 07:59:10 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Mon, 6 Sep 2021 07:59:08 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Mon, 6 Sep 2021 07:59:09 -0700 Received: from HY-LT1002.marvell.com (unknown [10.193.70.144]) by maili.marvell.com (Postfix) with ESMTP id 551623F709F; Mon, 6 Sep 2021 07:59:03 -0700 (PDT) From: Anoob Joseph To: Akhil Goyal , Declan Doherty , Fan Zhang , "Konstantin Ananyev" CC: Anoob Joseph , Jerin Jacob , Archana Muniganti , Tejasree Kondoj , Hemant Agrawal , "Radu Nicolau" , Ciara Power , Gagandeep Singh , Date: Mon, 6 Sep 2021 20:28:27 +0530 Message-ID: <1630940307-78-4-git-send-email-anoobj@marvell.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1630940307-78-1-git-send-email-anoobj@marvell.com> References: <1629093590-115-1-git-send-email-anoobj@marvell.com> <1630940307-78-1-git-send-email-anoobj@marvell.com> MIME-Version: 1.0 X-Proofpoint-GUID: -sH9cXeyQpsv7gGwfBku99fF142k9udm X-Proofpoint-ORIG-GUID: -sH9cXeyQpsv7gGwfBku99fF142k9udm X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-09-06_06,2021-09-03_01,2020-04-07_01 Subject: [dpdk-dev] [PATCH v2 3/3] test/crypto: add outbound known vector tests X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Add outbound known vector tests. The tests would be skipped on PMDs which do not support IV provided by application. Signed-off-by: Anoob Joseph Acked-by: Akhil Goyal --- app/test/test_cryptodev.c | 44 ++++++++++++++++++++++++++++++++ app/test/test_cryptodev_security_ipsec.c | 16 +++++++++++- 2 files changed, 59 insertions(+), 1 deletion(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index b7c5270..1024f93 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -8978,6 +8978,22 @@ test_ipsec_proto_process(const struct ipsec_test_data td[], ut_params->op->sym->m_src = ut_params->ibuf; ut_params->op->sym->m_dst = NULL; + /* Copy IV in crypto operation when IV generation is disabled */ + if (dir == RTE_SECURITY_IPSEC_SA_DIR_EGRESS && + ipsec_xform.options.iv_gen_disable == 1) { + uint8_t *iv = rte_crypto_op_ctod_offset(ut_params->op, + uint8_t *, + IV_OFFSET); + int len; + + if (td[i].aead) + len = td[i].xform.aead.aead.iv.length; + else + len = td[i].xform.chain.cipher.cipher.iv.length; + + memcpy(iv, td[i].iv.data, len); + } + /* Process crypto operation */ process_crypto_request(dev_id, ut_params->op); @@ -9015,6 +9031,22 @@ test_ipsec_proto_process(const struct ipsec_test_data td[], } static int +test_ipsec_proto_known_vec(const void *test_data) +{ + struct ipsec_test_data td_outb; + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + memcpy(&td_outb, test_data, sizeof(td_outb)); + + /* Disable IV gen to be able to test with known vectors */ + td_outb.ipsec_xform.options.iv_gen_disable = 1; + + return test_ipsec_proto_process(&td_outb, NULL, 1, false, &flags); +} + +static int test_ipsec_proto_known_vec_inb(const void *td_outb) { struct ipsec_test_flags flags; @@ -14018,6 +14050,18 @@ static struct unit_test_suite ipsec_proto_testsuite = { .setup = ipsec_proto_testsuite_setup, .unit_test_cases = { TEST_CASE_NAMED_WITH_DATA( + "Outbound known vector (ESP tunnel mode IPv4 AES-GCM 128)", + ut_setup_security, ut_teardown, + test_ipsec_proto_known_vec, &pkt_aes_128_gcm), + TEST_CASE_NAMED_WITH_DATA( + "Outbound known vector (ESP tunnel mode IPv4 AES-GCM 192)", + ut_setup_security, ut_teardown, + test_ipsec_proto_known_vec, &pkt_aes_192_gcm), + TEST_CASE_NAMED_WITH_DATA( + "Outbound known vector (ESP tunnel mode IPv4 AES-GCM 256)", + ut_setup_security, ut_teardown, + test_ipsec_proto_known_vec, &pkt_aes_256_gcm), + TEST_CASE_NAMED_WITH_DATA( "Inbound known vector (ESP tunnel mode IPv4 AES-GCM 128)", ut_setup_security, ut_teardown, test_ipsec_proto_known_vec_inb, &pkt_aes_128_gcm), diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c index 5b54996..f371b15 100644 --- a/app/test/test_cryptodev_security_ipsec.c +++ b/app/test/test_cryptodev_security_ipsec.c @@ -77,6 +77,15 @@ test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform, return -ENOTSUP; } + if ((ipsec_xform->direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) && + (ipsec_xform->options.iv_gen_disable == 1) && + (sec_cap->ipsec.options.iv_gen_disable != 1)) { + if (!silent) + RTE_LOG(INFO, USER1, + "Application provided IV is not supported\n"); + return -ENOTSUP; + } + return 0; } @@ -161,9 +170,11 @@ test_ipsec_td_prepare(const struct crypto_param *param1, td->xform.aead.aead.algo = param1->alg.aead; td->xform.aead.aead.key.length = param1->key_length; + + if (flags->iv_gen) + td->ipsec_xform.options.iv_gen_disable = 0; } - RTE_SET_USED(flags); RTE_SET_USED(param2); } @@ -187,6 +198,9 @@ test_ipsec_td_update(struct ipsec_test_data td_inb[], if (flags->udp_encap) td_inb[i].ipsec_xform.options.udp_encap = 1; + + /* Clear outbound specific flags */ + td_inb[i].ipsec_xform.options.iv_gen_disable = 0; } }