From patchwork Mon Aug 16 05:59:48 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 96938 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 1BE88A0C46; Mon, 16 Aug 2021 08:00:38 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 95E8B4113D; Mon, 16 Aug 2021 08:00:36 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id F2BB14113C for ; Mon, 16 Aug 2021 08:00:33 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.1.2/8.16.0.43) with SMTP id 17FNDFIp012575; Sun, 15 Aug 2021 23:00:32 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=i5szvklGPm89wd75GItJoZLno2FmHKviKfxa4t1oAK8=; b=fk/k0zC6rfvVuklmkT1XaZ+gWSMUx+aAYftQfvmuEINKRdAbSrdAdVrqHzilGfXGb632 g0kVvzhxz1O8AHxGe8hl7/jbtwJYZrhh0/uoLy1ka/wn3sTD7dbgbc0I4cpkxv8JNvb0 3041mhqGMhr0IjcDP51DLitcMuO/Pvwi1ECuX1bifLftrHpWSDgaaGnHOfJWl8duZqrc xvbMjLFqb0SEDdVe9BeP+g/kCFudf94vzeonLXdVsdH4xqazzIw8LRwtqdGVdgMwWOiW 0MBvGK3hlx8H3TlTMkGp5BW55hlVuJBqSN/3nbJsapqXJ7PsHdS2POlofec0+bmCMbes rg== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0b-0016f401.pphosted.com with ESMTP id 3afcasgrt1-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Sun, 15 Aug 2021 23:00:32 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Sun, 15 Aug 2021 23:00:29 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Sun, 15 Aug 2021 23:00:29 -0700 Received: from HY-LT1002.marvell.com (unknown [10.193.36.215]) by maili.marvell.com (Postfix) with ESMTP id B974B5E686C; Sun, 15 Aug 2021 23:00:23 -0700 (PDT) From: Anoob Joseph To: Akhil Goyal , Declan Doherty , Fan Zhang , "Konstantin Ananyev" CC: Anoob Joseph , Jerin Jacob , Archana Muniganti , Tejasree Kondoj , Hemant Agrawal , "Radu Nicolau" , Ciara Power , Date: Mon, 16 Aug 2021 11:29:48 +0530 Message-ID: <1629093590-115-2-git-send-email-anoobj@marvell.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1629093590-115-1-git-send-email-anoobj@marvell.com> References: <1629093590-115-1-git-send-email-anoobj@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: pCnKvmH2HKXgcedWoaBYBdVwWFX9h-Jr X-Proofpoint-GUID: pCnKvmH2HKXgcedWoaBYBdVwWFX9h-Jr X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-08-16_02,2021-08-13_02,2020-04-07_01 Subject: [dpdk-dev] [PATCH 1/3] security: support user specified IV X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Enable user to provide IV to be used per security operation. This would be used with lookaside protocol offload for comparing against known vectors. By default, PMD would generate IV internally and would be random. Signed-off-by: Anoob Joseph Signed-off-by: Tejasree Kondoj --- lib/security/rte_security.h | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h index 88d31de..b4b6776 100644 --- a/lib/security/rte_security.h +++ b/lib/security/rte_security.h @@ -181,6 +181,20 @@ struct rte_security_ipsec_sa_options { * * 0: Disable per session security statistics collection for this SA. */ uint32_t stats : 1; + + /** Disable IV generation in PMD + * + * * 1: Disable IV generation in PMD. When disabled, IV provided in + * rte_crypto_op will be used by the PMD. + * + * * 0: Enable IV generation in PMD. When enabled, PMD generated random + * value would be used and application is not required to provide + * IV. + * + * Note: For inline cases, IV generation would always need to be handled + * by the PMD. + */ + uint32_t iv_gen_disable : 1; }; /** IPSec security association direction */ From patchwork Mon Aug 16 05:59:49 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 96939 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 70B60A0C46; Mon, 16 Aug 2021 08:00:44 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id E939841145; Mon, 16 Aug 2021 08:00:41 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 43F0F40686 for ; Mon, 16 Aug 2021 08:00:40 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.1.2/8.16.0.43) with SMTP id 17FMSmSl017193; Sun, 15 Aug 2021 23:00:39 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=nm5mS42xZHDFG4ABPQMRSCh8kzb9F1eW7Onqv2N3bbo=; b=DOCh7VgMUI3TdIWWm3mswxYtCoeYVjhiIb/SAedv+NXac08Sbc2FEc19rm89hGQfqmgq jUWxQf8WgCFmA3oqpoN2BKIEsunvupaScOEvn9f0VLqjTEuhgX+m7bLZjyksFcnBqgLj TygH13GvP9aMIfmflN+juJbUBwpqDpiLEBsuni8PACJFxcD62uat2u/OxR0mCAE0pr6i jW87/XTq23OgJubiohI5zq23jfEQblN+G4KxLPmo0G7KQ2uZDVyEV05C7PGTXNZo4unp pE3xXU2/xifwHHwiNP/PZS2S0v0wcnDUOTbWNX7rudLf/7XdLN8fB6mIguj7VboXFOcS JQ== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0a-0016f401.pphosted.com with ESMTP id 3af0pthwjc-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Sun, 15 Aug 2021 23:00:39 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Sun, 15 Aug 2021 23:00:37 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Sun, 15 Aug 2021 23:00:37 -0700 Received: from HY-LT1002.marvell.com (unknown [10.193.36.215]) by maili.marvell.com (Postfix) with ESMTP id E698C5B6957; Sun, 15 Aug 2021 23:00:31 -0700 (PDT) From: Anoob Joseph To: Akhil Goyal , Declan Doherty , Fan Zhang , "Konstantin Ananyev" CC: Tejasree Kondoj , Jerin Jacob , Archana Muniganti , Hemant Agrawal , Radu Nicolau , Ciara Power , , Anoob Joseph Date: Mon, 16 Aug 2021 11:29:49 +0530 Message-ID: <1629093590-115-3-git-send-email-anoobj@marvell.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1629093590-115-1-git-send-email-anoobj@marvell.com> References: <1629093590-115-1-git-send-email-anoobj@marvell.com> MIME-Version: 1.0 X-Proofpoint-GUID: OsV7AoOh9Fu8A-LcvyKAtH63JmTdGuFH X-Proofpoint-ORIG-GUID: OsV7AoOh9Fu8A-LcvyKAtH63JmTdGuFH X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-08-16_02,2021-08-13_02,2020-04-07_01 Subject: [dpdk-dev] [PATCH 2/3] crypto/cnxk: add IV in SA in lookaside IPsec debug mode X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" From: Tejasree Kondoj Adding IV in SA in lookaside IPsec debug mode. It helps to verify lookaside PMD using known outbound vectors in lookaside autotest. Signed-off-by: Anoob Joseph Signed-off-by: Tejasree Kondoj --- drivers/crypto/cnxk/cn10k_ipsec.c | 16 +++++++++++++++ drivers/crypto/cnxk/cn10k_ipsec.h | 2 ++ drivers/crypto/cnxk/cn10k_ipsec_la_ops.h | 24 +++++++++++++++++++++++ drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c | 16 ++++++++++++++- drivers/crypto/cnxk/meson.build | 6 ++++++ 5 files changed, 63 insertions(+), 1 deletion(-) diff --git a/drivers/crypto/cnxk/cn10k_ipsec.c b/drivers/crypto/cnxk/cn10k_ipsec.c index 1d567bf..3ce25f2 100644 --- a/drivers/crypto/cnxk/cn10k_ipsec.c +++ b/drivers/crypto/cnxk/cn10k_ipsec.c @@ -110,6 +110,22 @@ cn10k_ipsec_outb_sa_create(struct roc_cpt *roc_cpt, sa->inst.w7 = ipsec_cpt_inst_w7_get(roc_cpt, sa); +#ifdef LA_IPSEC_DEBUG + /* Use IV from application in debug mode */ + if (ipsec_xfrm->options.iv_gen_disable == 1) { + out_sa->w2.s.iv_src = ROC_IE_OT_SA_IV_SRC_FROM_SA; + if (crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_AEAD) { + sa->iv_offset = crypto_xfrm->aead.iv.offset; + sa->iv_length = crypto_xfrm->aead.iv.length; + } + } +#else + if (ipsec_xfrm->options.iv_gen_disable != 0) { + plt_err("Application provided IV not supported"); + return -ENOTSUP; + } +#endif + /* Get Rlen calculation data */ ret = cnxk_ipsec_outb_rlens_get(&rlens, ipsec_xfrm, crypto_xfrm); if (ret) diff --git a/drivers/crypto/cnxk/cn10k_ipsec.h b/drivers/crypto/cnxk/cn10k_ipsec.h index 668282f..25fc2ee 100644 --- a/drivers/crypto/cnxk/cn10k_ipsec.h +++ b/drivers/crypto/cnxk/cn10k_ipsec.h @@ -20,6 +20,8 @@ struct cn10k_ipsec_sa { }; /** Pre-populated CPT inst words */ struct cnxk_cpt_inst_tmpl inst; + uint16_t iv_offset; + uint8_t iv_length; uint8_t partial_len; uint8_t roundup_len; uint8_t roundup_byte; diff --git a/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h b/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h index 1e9ebb5..1c142d2 100644 --- a/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h +++ b/drivers/crypto/cnxk/cn10k_ipsec_la_ops.h @@ -23,6 +23,25 @@ ipsec_po_out_rlen_get(struct cn10k_ipsec_sa *sess, uint32_t plen) return sess->partial_len + enc_payload_len; } +static inline void +ipsec_po_sa_iv_set(struct cn10k_ipsec_sa *sess, struct rte_crypto_op *cop) +{ + uint8_t *iv = &sess->out_sa.iv.s.iv_dbg1[0]; + uint32_t *tmp_iv; + + memcpy(iv, rte_crypto_op_ctod_offset(cop, uint8_t *, sess->iv_offset), + 4); + tmp_iv = (uint32_t *)iv; + *tmp_iv = rte_be_to_cpu_32(*tmp_iv); + + iv = &sess->out_sa.iv.s.iv_dbg2[0]; + memcpy(iv, + rte_crypto_op_ctod_offset(cop, uint8_t *, sess->iv_offset + 4), + 4); + tmp_iv = (uint32_t *)iv; + *tmp_iv = rte_be_to_cpu_32(*tmp_iv); +} + static __rte_always_inline int process_outb_sa(struct rte_crypto_op *cop, struct cn10k_ipsec_sa *sess, struct cpt_inst_s *inst) @@ -43,6 +62,11 @@ process_outb_sa(struct rte_crypto_op *cop, struct cn10k_ipsec_sa *sess, return -ENOMEM; } +#ifdef LA_IPSEC_DEBUG + if (sess->out_sa.w2.s.iv_src == ROC_IE_OT_SA_IV_SRC_FROM_SA) + ipsec_po_sa_iv_set(sess, cop); +#endif + /* Prepare CPT instruction */ inst->w4.u64 = sess->inst.w4; inst->w4.s.dlen = dlen; diff --git a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c index ab37f9c..8ec1e9d 100644 --- a/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c +++ b/drivers/crypto/cnxk/cnxk_cryptodev_capabilities.c @@ -776,7 +776,21 @@ static const struct rte_security_capability sec_caps_templ[] = { .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, .direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS, - .options = { 0 } + .options = { + .esn = 0, + .udp_encap = 0, + .copy_dscp = 0, + .copy_flabel = 0, + .copy_df = 0, + .dec_ttl = 0, + .ecn = 0, + .stats = 0, +#ifdef LA_IPSEC_DEBUG + .iv_gen_disable = 1, +#else + .iv_gen_disable = 0, +#endif + } }, .crypto_capabilities = NULL, .ol_flags = RTE_SECURITY_TX_OLOAD_NEED_MDATA diff --git a/drivers/crypto/cnxk/meson.build b/drivers/crypto/cnxk/meson.build index c56d6cf..1694e05 100644 --- a/drivers/crypto/cnxk/meson.build +++ b/drivers/crypto/cnxk/meson.build @@ -23,3 +23,9 @@ sources = files( deps += ['bus_pci', 'common_cnxk', 'security'] includes += include_directories('../../../lib/net') + +if get_option('buildtype').contains('debug') + cflags += [ '-DLA_IPSEC_DEBUG' ] +else + cflags += [ '-ULA_IPSEC_DEBUG' ] +endif From patchwork Mon Aug 16 05:59:50 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 96940 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 34507A0C46; Mon, 16 Aug 2021 08:00:51 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 891784114C; Mon, 16 Aug 2021 08:00:48 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 195FA41123 for ; Mon, 16 Aug 2021 08:00:46 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.1.2/8.16.0.43) with SMTP id 17FMSmSm017193; Sun, 15 Aug 2021 23:00:46 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=E4RHCop3usnpjvFIhtaN0++JUxMBFZT3Quvk8sESZzE=; b=ZZQxbSwUMPu8qqw+jSYALFIH/rP4r6+kLY1asSeHO3b1pB2/g0hPyjGOAyFQSzLQDTqZ xbf7VJmNXGDtgVfUQh4Z+GdE5fXSRsscvF9Obc7XoDxF9kzarkty50+U03Km5JfTuc5S yb6DBaJDKCgrHPXjHzAsGV4XEFg9eSwK1BRtGbQZVUS+4x9UPF2GN/RSA5TVNL5esBtP f20frnsGGAshbFv+s6MAwclU7wcGNLUq849i4MN8M50CJMtWgvGpiqgNB5Xi1oauTBz6 Xj2Qj9epAeZPMZdFid72ZYFkLWl1Lvvf8Ld3q7e1g1L2/oYqJbm8KQy44/ttiSrMNj+o kg== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0a-0016f401.pphosted.com with ESMTP id 3af0pthwjx-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Sun, 15 Aug 2021 23:00:46 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Sun, 15 Aug 2021 23:00:44 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Sun, 15 Aug 2021 23:00:44 -0700 Received: from HY-LT1002.marvell.com (unknown [10.193.36.215]) by maili.marvell.com (Postfix) with ESMTP id 7A2C85B695C; Sun, 15 Aug 2021 23:00:39 -0700 (PDT) From: Anoob Joseph To: Akhil Goyal , Declan Doherty , Fan Zhang , "Konstantin Ananyev" CC: Anoob Joseph , Jerin Jacob , Archana Muniganti , Tejasree Kondoj , Hemant Agrawal , "Radu Nicolau" , Ciara Power , Date: Mon, 16 Aug 2021 11:29:50 +0530 Message-ID: <1629093590-115-4-git-send-email-anoobj@marvell.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1629093590-115-1-git-send-email-anoobj@marvell.com> References: <1629093590-115-1-git-send-email-anoobj@marvell.com> MIME-Version: 1.0 X-Proofpoint-GUID: hILn4-f6laIHowfD4Vu4S9DSvBDh5i83 X-Proofpoint-ORIG-GUID: hILn4-f6laIHowfD4Vu4S9DSvBDh5i83 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-08-16_02,2021-08-13_02,2020-04-07_01 Subject: [dpdk-dev] [PATCH 3/3] test/crypto: add outbound known vector tests X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Add outbound known vector tests. The tests would be skipped on PMDs which do not support IV provided by application. Signed-off-by: Anoob Joseph Signed-off-by: Tejasree Kondoj --- app/test/test_cryptodev.c | 44 ++++++++++++++++++++++++++++++++ app/test/test_cryptodev_security_ipsec.c | 16 +++++++++++- 2 files changed, 59 insertions(+), 1 deletion(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 71e6c1a..dfc49e0 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -8975,6 +8975,22 @@ test_ipsec_proto_process(const struct ipsec_test_data td[], ut_params->op->sym->m_src = ut_params->ibuf; ut_params->op->sym->m_dst = NULL; + /* Copy IV in crypto operation when IV generation is disabled */ + if (dir == RTE_SECURITY_IPSEC_SA_DIR_EGRESS && + ipsec_xform.options.iv_gen_disable == 1) { + uint8_t *iv = rte_crypto_op_ctod_offset(ut_params->op, + uint8_t *, + IV_OFFSET); + int len; + + if (td[i].aead) + len = td[i].xform.aead.aead.iv.length; + else + len = td[i].xform.chain.cipher.cipher.iv.length; + + memcpy(iv, td[i].iv.data, len); + } + /* Process crypto operation */ process_crypto_request(dev_id, ut_params->op); @@ -9012,6 +9028,22 @@ test_ipsec_proto_process(const struct ipsec_test_data td[], } static int +test_ipsec_proto_known_vec(const void *test_data) +{ + struct ipsec_test_data td_outb; + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + memcpy(&td_outb, test_data, sizeof(td_outb)); + + /* Disable IV gen to be able to test with known vectors */ + td_outb.ipsec_xform.options.iv_gen_disable = 1; + + return test_ipsec_proto_process(&td_outb, NULL, 1, false, &flags); +} + +static int test_ipsec_proto_known_vec_inb(const void *td_outb) { struct ipsec_test_flags flags; @@ -14003,6 +14035,18 @@ static struct unit_test_suite ipsec_proto_testsuite = { .setup = ipsec_proto_testsuite_setup, .unit_test_cases = { TEST_CASE_NAMED_WITH_DATA( + "Outbound known vector (ESP tunnel mode IPv4 AES-GCM 128)", + ut_setup_security, ut_teardown, + test_ipsec_proto_known_vec, &pkt_aes_128_gcm), + TEST_CASE_NAMED_WITH_DATA( + "Outbound known vector (ESP tunnel mode IPv4 AES-GCM 192)", + ut_setup_security, ut_teardown, + test_ipsec_proto_known_vec, &pkt_aes_192_gcm), + TEST_CASE_NAMED_WITH_DATA( + "Outbound known vector (ESP tunnel mode IPv4 AES-GCM 256)", + ut_setup_security, ut_teardown, + test_ipsec_proto_known_vec, &pkt_aes_256_gcm), + TEST_CASE_NAMED_WITH_DATA( "Inbound known vector (ESP tunnel mode IPv4 AES-GCM 128)", ut_setup_security, ut_teardown, test_ipsec_proto_known_vec_inb, &pkt_aes_128_gcm), diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c index 78c7f3a..a0b37e7 100644 --- a/app/test/test_cryptodev_security_ipsec.c +++ b/app/test/test_cryptodev_security_ipsec.c @@ -76,6 +76,15 @@ test_ipsec_sec_caps_verify(struct rte_security_ipsec_xform *ipsec_xform, return -ENOTSUP; } + if ((ipsec_xform->direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS) && + (ipsec_xform->options.iv_gen_disable == 1) && + (sec_cap->ipsec.options.iv_gen_disable != 1)) { + if (!silent) + RTE_LOG(INFO, USER1, + "Application provided IV is not supported\n"); + return -ENOTSUP; + } + return 0; } @@ -160,9 +169,11 @@ test_ipsec_td_prepare(const struct crypto_param *param1, td->xform.aead.aead.algo = param1->alg.aead; td->xform.aead.aead.key.length = param1->key_length; + + if (flags->iv_gen) + td->ipsec_xform.options.iv_gen_disable = 0; } - RTE_SET_USED(flags); RTE_SET_USED(param2); } @@ -183,6 +194,9 @@ test_ipsec_td_update(struct ipsec_test_data td_inb[], int icv_pos = td_inb[i].input_text.len - 4; td_inb[i].input_text.data[icv_pos] += 1; } + + /* Clear outbound specific flags */ + td_inb[i].ipsec_xform.options.iv_gen_disable = 0; } }