diff mbox series

[3/3] app/crypto-perf: fix IPsec direction

Message ID	20230102114655.300-3-anoobj@marvell.com (mailing list archive)
State	Accepted, archived
Delegated to:	akhil goyal
Headers	From: Anoob Joseph <anoobj@marvell.com> To: Ciara Power <ciara.power@intel.com>, Akhil Goyal <gakhil@marvell.com> CC: Gagandeep Singh <g.singh@nxp.com>, Hemant Agrawal <hemant.agrawal@nxp.com>, Jerin Jacob <jerinj@marvell.com>, Tejasree Kondoj <ktejasree@marvell.com>, <dev@dpdk.org> Subject: [PATCH 3/3] app/crypto-perf: fix IPsec direction Date: Mon, 2 Jan 2023 17:16:55 +0530 Message-ID: <20230102114655.300-3-anoobj@marvell.com> In-Reply-To: <20230102114655.300-1-anoobj@marvell.com> References: <20230102114655.300-1-anoobj@marvell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain Precedence: list Errors-To: dev-bounces@dpdk.org
Series	[1/3] app/crypto-perf: use right API to free session \| [1/3] app/crypto-perf: use right API to free session [2/3] app/crypto-perf: fix invalid SPI [3/3] app/crypto-perf: fix IPsec direction

Checks

Context	Check	Description
ci/checkpatch	success	coding style OK
ci/loongarch-compilation	success	Compilation OK
ci/loongarch-unit-testing	success	Unit Testing PASS
ci/iol-broadcom-Performance	success	Performance Testing PASS
ci/iol-intel-Functional	success	Functional Testing PASS
ci/github-robot: build	success	github build: passed
ci/iol-intel-Performance	success	Performance Testing PASS
ci/iol-abi-testing	success	Testing PASS
ci/iol-x86_64-compile-testing	success	Testing PASS
ci/iol-aarch64-unit-testing	success	Testing PASS
ci/iol-testing	success	Testing PASS
ci/iol-x86_64-unit-testing	success	Testing PASS
ci/iol-aarch64-compile-testing	success	Testing PASS
ci/Intel-compilation	success	Compilation OK
ci/intel-Testing	success	Testing PASS

Commit Message

Anoob Joseph Jan. 2, 2023, 11:46 a.m. UTC

  The default value of options->auth_op & options->cipher_op are such that
an unconditional check for the same would always return true. Hence, the
direction is always determined to be outbound/egress.

The field options->aead_algo should be checked prior to checking above
fields. Since the same check would be required in datapath, introduce a
new flag in options for the same.

Fixes: 28dde5da503e ("app/crypto-perf: support lookaside IPsec")

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
---
 app/test-crypto-perf/cperf_ops.c             | 35 +++++++++++---------
 app/test-crypto-perf/cperf_options.h         |  1 +
 app/test-crypto-perf/cperf_options_parsing.c | 15 +++++++++
 3 files changed, 35 insertions(+), 16 deletions(-)

Comments

Akhil Goyal Jan. 4, 2023, 12:08 p.m. UTC | #1

> Subject: [PATCH 3/3] app/crypto-perf: fix IPsec direction
> 
> The default value of options->auth_op & options->cipher_op are such that
> an unconditional check for the same would always return true. Hence, the
> direction is always determined to be outbound/egress.
> 
> The field options->aead_algo should be checked prior to checking above
> fields. Since the same check would be required in datapath, introduce a
> new flag in options for the same.
> 
> Fixes: 28dde5da503e ("app/crypto-perf: support lookaside IPsec")
Cc: stable@dpdk.org

> 
> Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Series Acked-by: Akhil Goyal <gakhil@marvell.com>

Applied to dpdk-next-crypto

Thanks.

diff mbox series

Patch

diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c
index 4a1c9feb1c..93b9bfb240 100644
--- a/app/test-crypto-perf/cperf_ops.c
+++ b/app/test-crypto-perf/cperf_ops.c
@@ -42,8 +42,7 @@  test_ipsec_vec_populate(struct rte_mbuf *m, const struct cperf_options *options,
 {
 	struct rte_ipv4_hdr *ip = rte_pktmbuf_mtod(m, struct rte_ipv4_hdr *);
 
-	if ((options->aead_op == RTE_CRYPTO_AEAD_OP_ENCRYPT) ||
-		(options->cipher_op == RTE_CRYPTO_CIPHER_OP_ENCRYPT)) {
+	if (options->is_outbound) {
 		memcpy(ip, test_vector->plaintext.data,
 		       sizeof(struct rte_ipv4_hdr));
 
@@ -645,8 +644,9 @@  create_ipsec_session(struct rte_mempool *sess_mp,
 		const struct cperf_test_vector *test_vector,
 		uint16_t iv_offset)
 {
-	struct rte_crypto_sym_xform xform = {0};
 	struct rte_crypto_sym_xform auth_xform = {0};
+	struct rte_crypto_sym_xform *crypto_xform;
+	struct rte_crypto_sym_xform xform = {0};
 
 	if (options->aead_algo != 0) {
 		/* Setup AEAD Parameters */
@@ -660,10 +660,10 @@  create_ipsec_session(struct rte_mempool *sess_mp,
 		xform.aead.iv.length = test_vector->aead_iv.length;
 		xform.aead.digest_length = options->digest_sz;
 		xform.aead.aad_length = options->aead_aad_sz;
+		crypto_xform = &xform;
 	} else if (options->cipher_algo != 0 && options->auth_algo != 0) {
 		/* Setup Cipher Parameters */
 		xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
-		xform.next = NULL;
 		xform.cipher.algo = options->cipher_algo;
 		xform.cipher.op = options->cipher_op;
 		xform.cipher.iv.offset = iv_offset;
@@ -680,7 +680,6 @@  create_ipsec_session(struct rte_mempool *sess_mp,
 
 		/* Setup Auth Parameters */
 		auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
-		auth_xform.next = NULL;
 		auth_xform.auth.algo = options->auth_algo;
 		auth_xform.auth.op = options->auth_op;
 		auth_xform.auth.iv.offset = iv_offset +
@@ -699,7 +698,15 @@  create_ipsec_session(struct rte_mempool *sess_mp,
 			auth_xform.auth.iv.length = 0;
 		}
 
-		xform.next = &auth_xform;
+		if (options->is_outbound) {
+			crypto_xform = &xform;
+			xform.next = &auth_xform;
+			auth_xform.next = NULL;
+		} else {
+			crypto_xform = &auth_xform;
+			auth_xform.next = &xform;
+			xform.next = NULL;
+		}
 	} else {
 		return NULL;
 	}
@@ -729,23 +736,19 @@  create_ipsec_session(struct rte_mempool *sess_mp,
 			.salt = CPERF_IPSEC_SALT,
 			.options = { 0 },
 			.replay_win_sz = 0,
-			.direction =
-				((options->cipher_op ==
-					RTE_CRYPTO_CIPHER_OP_ENCRYPT) &&
-				(options->auth_op ==
-					RTE_CRYPTO_AUTH_OP_GENERATE)) ||
-				(options->aead_op ==
-					RTE_CRYPTO_AEAD_OP_ENCRYPT) ?
-				RTE_SECURITY_IPSEC_SA_DIR_EGRESS :
-				RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
 			.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
 			.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
 			.tunnel = tunnel,
 		} },
 		.userdata = NULL,
-		.crypto_xform = &xform
+		.crypto_xform = crypto_xform,
 	};
 
+	if (options->is_outbound)
+		sess_conf.ipsec.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;
+	else
+		sess_conf.ipsec.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
+
 	struct rte_security_ctx *ctx = (struct rte_security_ctx *)
 				rte_cryptodev_get_sec_ctx(dev_id);
 
diff --git a/app/test-crypto-perf/cperf_options.h b/app/test-crypto-perf/cperf_options.h
index 613d6d31e2..6966e0b286 100644
--- a/app/test-crypto-perf/cperf_options.h
+++ b/app/test-crypto-perf/cperf_options.h
@@ -105,6 +105,7 @@  struct cperf_options {
 	uint32_t out_of_place:1;
 	uint32_t silent:1;
 	uint32_t csv:1;
+	uint32_t is_outbound:1;
 
 	enum rte_crypto_cipher_algorithm cipher_algo;
 	enum rte_crypto_cipher_operation cipher_op;
diff --git a/app/test-crypto-perf/cperf_options_parsing.c b/app/test-crypto-perf/cperf_options_parsing.c
index bc5e312c81..cb91bcc3c5 100644
--- a/app/test-crypto-perf/cperf_options_parsing.c
+++ b/app/test-crypto-perf/cperf_options_parsing.c
@@ -1318,6 +1318,21 @@  cperf_options_check(struct cperf_options *options)
 		if (check_docsis_buffer_length(options) < 0)
 			return -EINVAL;
 	}
+
+	if (options->op_type == CPERF_IPSEC) {
+		if (options->aead_algo) {
+			if (options->aead_op == RTE_CRYPTO_AEAD_OP_ENCRYPT)
+				options->is_outbound = 1;
+			else
+				options->is_outbound = 0;
+		} else {
+			if (options->cipher_op == RTE_CRYPTO_CIPHER_OP_ENCRYPT &&
+			    options->auth_op == RTE_CRYPTO_AUTH_OP_GENERATE)
+				options->is_outbound = 1;
+			else
+				options->is_outbound = 0;
+		}
+	}
 #endif
 
 	return 0;