From patchwork Tue Aug 17 13:42:43 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 96986 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 63B37A0548; Tue, 17 Aug 2021 15:43:19 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 75D4E411AB; Tue, 17 Aug 2021 15:43:15 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id A1C8A411A9 for ; Tue, 17 Aug 2021 15:43:13 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.1.2/8.16.0.43) with SMTP id 17H2ldj6006753; Tue, 17 Aug 2021 06:43:12 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=QN1Y2egLcsC75yVQ6q3ucd4iW29yFKPjWHlet1A6evA=; b=KtMqc8LLXQ9vPB3tAWF8goIKmlVZtR6xeFUuliBxs4jHDUZmeDmj3Gt1YBXl+oWdvLIO OCipXXk8YDCBLBjyZ3b4//ch+SLMxygRtwmHT24dvKDyGfcYij11QzCsVFC5azKnXWM/ BL9KSm/Luwk2jbmCPUhM0hXBj1fko1Y1DHFfwW7XBk8JtH8RvZiHU8zs7fvcmkbbNWS0 sCqozQXnJI9vUlCYVam+xWG/5L40ca6tWDJuNITbjUb8wdVpGPiDCHZqfhCzCkgbH2P3 sQ5ScIwegWzCusR0Psq6BYQr9SnJ2oNoRM8HNLw2rBSgS7bHIJJk2tb2Mk3Z1wzjM22W vQ== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0a-0016f401.pphosted.com with ESMTP id 3ag4n0tae4-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 17 Aug 2021 06:43:12 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Tue, 17 Aug 2021 06:43:11 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Tue, 17 Aug 2021 06:43:11 -0700 Received: from HY-LT1002.marvell.com (unknown [10.193.70.144]) by maili.marvell.com (Postfix) with ESMTP id 860C43F7045; Tue, 17 Aug 2021 06:43:05 -0700 (PDT) From: Anoob Joseph To: Akhil Goyal , Declan Doherty , Fan Zhang , "Konstantin Ananyev" CC: Anoob Joseph , Jerin Jacob , Archana Muniganti , Tejasree Kondoj , Hemant Agrawal , "Radu Nicolau" , Ciara Power , Date: Tue, 17 Aug 2021 19:12:43 +0530 Message-ID: <1629207767-262-2-git-send-email-anoobj@marvell.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1629207767-262-1-git-send-email-anoobj@marvell.com> References: <1629207767-262-1-git-send-email-anoobj@marvell.com> MIME-Version: 1.0 X-Proofpoint-GUID: 7LacU0_TuHvBC7RkK1KnIq7XPHbJJjf4 X-Proofpoint-ORIG-GUID: 7LacU0_TuHvBC7RkK1KnIq7XPHbJJjf4 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-08-17_04,2021-08-17_02,2020-04-07_01 Subject: [dpdk-dev] [PATCH 1/5] security: add SA lifetime configuration X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Add SA lifetime configuration to register soft and hard expiry limits. Expiry can be in units of number of packets or bytes. Crypto op status is also updated to include new field, aux_flags, which can be used to indicate cases such as soft expiry in case of lookaside protocol operations. In case of soft expiry, the packets are successfully IPsec processed but the soft expiry would indicate that SA needs to be reconfigured. For inline protocol capable ethdev, this would result in an eth event while for lookaside protocol capable cryptodev, this can be communicated via `rte_crypto_op.aux_flags` field. In case of hard expiry, the packets will not be IPsec processed and would result in error. Signed-off-by: Anoob Joseph --- .../test_cryptodev_security_ipsec_test_vectors.h | 3 --- examples/ipsec-secgw/ipsec.c | 2 +- examples/ipsec-secgw/ipsec.h | 2 +- lib/cryptodev/rte_crypto.h | 18 +++++++++++++- lib/security/rte_security.h | 28 ++++++++++++++++++++-- 5 files changed, 45 insertions(+), 8 deletions(-) diff --git a/app/test/test_cryptodev_security_ipsec_test_vectors.h b/app/test/test_cryptodev_security_ipsec_test_vectors.h index ae9cd24..38ea43d 100644 --- a/app/test/test_cryptodev_security_ipsec_test_vectors.h +++ b/app/test/test_cryptodev_security_ipsec_test_vectors.h @@ -98,7 +98,6 @@ struct ipsec_test_data pkt_aes_128_gcm = { .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, .tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4, - .esn_soft_limit = 0, .replay_win_sz = 0, }, @@ -195,7 +194,6 @@ struct ipsec_test_data pkt_aes_192_gcm = { .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, .tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4, - .esn_soft_limit = 0, .replay_win_sz = 0, }, @@ -295,7 +293,6 @@ struct ipsec_test_data pkt_aes_256_gcm = { .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, .tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4, - .esn_soft_limit = 0, .replay_win_sz = 0, }, diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c index 5b032fe..4868294 100644 --- a/examples/ipsec-secgw/ipsec.c +++ b/examples/ipsec-secgw/ipsec.c @@ -49,7 +49,7 @@ set_ipsec_conf(struct ipsec_sa *sa, struct rte_security_ipsec_xform *ipsec) } /* TODO support for Transport */ } - ipsec->esn_soft_limit = IPSEC_OFFLOAD_ESN_SOFTLIMIT; + ipsec->life.packets_soft_limit = IPSEC_OFFLOAD_PKTS_SOFTLIMIT; ipsec->replay_win_sz = app_sa_prm.window_size; ipsec->options.esn = app_sa_prm.enable_esn; ipsec->options.udp_encap = sa->udp_encap; diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h index ae5058d..90c81c1 100644 --- a/examples/ipsec-secgw/ipsec.h +++ b/examples/ipsec-secgw/ipsec.h @@ -23,7 +23,7 @@ #define MAX_DIGEST_SIZE 32 /* Bytes -- 256 bits */ -#define IPSEC_OFFLOAD_ESN_SOFTLIMIT 0xffffff00 +#define IPSEC_OFFLOAD_PKTS_SOFTLIMIT 0xffffff00 #define IV_OFFSET (sizeof(struct rte_crypto_op) + \ sizeof(struct rte_crypto_sym_op)) diff --git a/lib/cryptodev/rte_crypto.h b/lib/cryptodev/rte_crypto.h index fd5ef3a..d602183 100644 --- a/lib/cryptodev/rte_crypto.h +++ b/lib/cryptodev/rte_crypto.h @@ -66,6 +66,17 @@ enum rte_crypto_op_sess_type { }; /** + * Auxiliary flags to indicate additional info from the operation + */ + +/** + * Auxiliary flags related to IPsec offload with RTE_SECURITY + */ + +#define RTE_CRYPTO_OP_AUX_FLAGS_IPSEC_SOFT_EXPIRY (1 << 0) +/**< SA soft expiry limit has been reached */ + +/** * Cryptographic Operation. * * This structure contains data relating to performing cryptographic @@ -93,7 +104,12 @@ struct rte_crypto_op { */ uint8_t sess_type; /**< operation session type */ - uint8_t reserved[3]; + uint8_t aux_flags; + /**< Operation specific auxiliary/additional flags. + * These flags carry additional information from the + * operation. Processing of the same is optional. + */ + uint8_t reserved[2]; /**< Reserved bytes to fill 64 bits for * future additions */ diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h index b4b6776..95c169d 100644 --- a/lib/security/rte_security.h +++ b/lib/security/rte_security.h @@ -206,6 +206,30 @@ enum rte_security_ipsec_sa_direction { }; /** + * Configure soft and hard lifetime of an IPsec SA + * + * Lifetime of an IPsec SA would specify the maximum number of packets or bytes + * that can be processed. IPsec operations would start failing once any hard + * limit is reached. + * + * Soft limits can be specified to generate notification when the SA is + * approaching hard limits for lifetime. For inline operations, reaching soft + * expiry limit would result in raising an eth event for the same. For lookaside + * operations, this would result in a warning returned in + * ``rte_crypto_op.aux_flags``. + */ +struct rte_security_ipsec_lifetime { + uint64_t packets_soft_limit; + /**< Soft expiry limit in number of packets */ + uint64_t bytes_soft_limit; + /**< Soft expiry limit in bytes */ + uint64_t packets_hard_limit; + /**< Soft expiry limit in number of packets */ + uint64_t bytes_hard_limit; + /**< Soft expiry limit in bytes */ +}; + +/** * IPsec security association configuration data. * * This structure contains data required to create an IPsec SA security session. @@ -225,8 +249,8 @@ struct rte_security_ipsec_xform { /**< IPsec SA Mode - transport/tunnel */ struct rte_security_ipsec_tunnel_param tunnel; /**< Tunnel parameters, NULL for transport mode */ - uint64_t esn_soft_limit; - /**< ESN for which the overflow event need to be raised */ + struct rte_security_ipsec_lifetime life; + /**< IPsec SA lifetime */ uint32_t replay_win_sz; /**< Anti replay window size to enable sequence replay attack handling. * replay checking is disabled if the window size is 0. From patchwork Tue Aug 17 13:42:44 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 96987 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 2E7F5A0548; Tue, 17 Aug 2021 15:43:25 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 9E2B9411A9; Tue, 17 Aug 2021 15:43:22 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id A02DC40DF5 for ; Tue, 17 Aug 2021 15:43:20 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.1.2/8.16.0.43) with SMTP id 17H9x7Oj030293; Tue, 17 Aug 2021 06:43:20 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=/fcJZCbtearGlOVwwTkh/sAv7/jO7gPQKZ4EHI3PYt0=; b=LAtMKHjv41eXCDQcTy3S6KrxfS7U2V/VIQxjz2i3LRDPyTVyn2qcXf69D1UAAU8YY+Q0 7YhMsgZAu/x4nvyx9GK5jbdRMwDRJXpcBIff7ux7QFmgGxC1pZTC0xEGQl7WVtkO+AIg w1QOY1t0mdhkW0mdSELyEnjeY/YxQRIJ0mMZciM+zXxMuKh5KdR/Ubn0vTMF5eegrbhC 6vXsuMTR43pUokjfPR8l9aGPgfGEznuoPsncB22Fl4fuxUEB90AU3joVpFG8oKQCv1ve jk3bF/jjVzwopW7FO+iRf11h72JIwqY7oX2GwwCOQVRNqHF2cwf7O4RbhZiMWmKElu/P vQ== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0b-0016f401.pphosted.com with ESMTP id 3agay2gtk1-2 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 17 Aug 2021 06:43:20 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Tue, 17 Aug 2021 06:43:18 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Tue, 17 Aug 2021 06:43:18 -0700 Received: from HY-LT1002.marvell.com (unknown [10.193.70.144]) by maili.marvell.com (Postfix) with ESMTP id CA4453F7045; Tue, 17 Aug 2021 06:43:12 -0700 (PDT) From: Anoob Joseph To: Akhil Goyal , Declan Doherty , Fan Zhang , "Konstantin Ananyev" CC: Anoob Joseph , Jerin Jacob , Archana Muniganti , Tejasree Kondoj , Hemant Agrawal , "Radu Nicolau" , Ciara Power , Date: Tue, 17 Aug 2021 19:12:44 +0530 Message-ID: <1629207767-262-3-git-send-email-anoobj@marvell.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1629207767-262-1-git-send-email-anoobj@marvell.com> References: <1629207767-262-1-git-send-email-anoobj@marvell.com> MIME-Version: 1.0 X-Proofpoint-GUID: OguhZtTKKSjF4TDlQLLQYvk_kbJIYvP_ X-Proofpoint-ORIG-GUID: OguhZtTKKSjF4TDlQLLQYvk_kbJIYvP_ X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-08-17_04,2021-08-17_02,2020-04-07_01 Subject: [dpdk-dev] [PATCH 2/5] common/cnxk: support lifetime configuration X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Add support for SA lifetime configuration. Expiry can be either in units of octets or packets. Also, updated cryptodev dequeue path to update crypto op result to indicate soft expiry. Signed-off-by: Anoob Joseph --- drivers/common/cnxk/cnxk_security.c | 70 +++++++++++++++++++++++++++++++ drivers/crypto/cnxk/cn10k_cryptodev_ops.c | 48 ++++++++++++++++----- 2 files changed, 107 insertions(+), 11 deletions(-) diff --git a/drivers/common/cnxk/cnxk_security.c b/drivers/common/cnxk/cnxk_security.c index 6c6728f..d9d4283 100644 --- a/drivers/common/cnxk/cnxk_security.c +++ b/drivers/common/cnxk/cnxk_security.c @@ -99,6 +99,26 @@ ot_ipsec_sa_common_param_fill(union roc_ot_ipsec_sa_word2 *w2, return -EINVAL; } + if (ipsec_xfrm->life.packets_soft_limit != 0 || + ipsec_xfrm->life.packets_hard_limit != 0) { + if (ipsec_xfrm->life.bytes_soft_limit != 0 || + ipsec_xfrm->life.bytes_hard_limit != 0) { + plt_err("Expiry tracking with both packets & bytes is not supported"); + return -EINVAL; + } + w2->s.life_unit = ROC_IE_OT_SA_LIFE_UNIT_PKTS; + } + + if (ipsec_xfrm->life.bytes_soft_limit != 0 || + ipsec_xfrm->life.bytes_hard_limit != 0) { + if (ipsec_xfrm->life.packets_soft_limit != 0 || + ipsec_xfrm->life.packets_hard_limit != 0) { + plt_err("Expiry tracking with both packets & bytes is not supported"); + return -EINVAL; + } + w2->s.life_unit = ROC_IE_OT_SA_LIFE_UNIT_OCTETS; + } + return 0; } @@ -173,6 +193,31 @@ cnxk_ot_ipsec_inb_sa_fill(struct roc_ot_ipsec_inb_sa *sa, ROC_CTX_UNIT_128B) - 1; + /** + * CPT MC triggers expiry when counter value changes from 2 to 1. To + * mitigate this behaviour add 1 to the life counter values provided. + */ + + if (ipsec_xfrm->life.bytes_soft_limit) { + sa->ctx.soft_life = ipsec_xfrm->life.bytes_soft_limit + 1; + sa->w0.s.soft_life_dec = 1; + } + + if (ipsec_xfrm->life.packets_soft_limit) { + sa->ctx.soft_life = ipsec_xfrm->life.packets_soft_limit + 1; + sa->w0.s.soft_life_dec = 1; + } + + if (ipsec_xfrm->life.bytes_hard_limit) { + sa->ctx.hard_life = ipsec_xfrm->life.bytes_hard_limit + 1; + sa->w0.s.hard_life_dec = 1; + } + + if (ipsec_xfrm->life.packets_hard_limit) { + sa->ctx.hard_life = ipsec_xfrm->life.packets_hard_limit + 1; + sa->w0.s.hard_life_dec = 1; + } + /* There are two words of CPT_CTX_HW_S for ucode to skip */ sa->w0.s.ctx_hdr_size = 1; sa->w0.s.aop_valid = 1; @@ -296,6 +341,31 @@ cnxk_ot_ipsec_outb_sa_fill(struct roc_ot_ipsec_outb_sa *sa, /* IPID gen */ sa->w2.s.ipid_gen = 1; + /** + * CPT MC triggers expiry when counter value changes from 2 to 1. To + * mitigate this behaviour add 1 to the life counter values provided. + */ + + if (ipsec_xfrm->life.bytes_soft_limit) { + sa->ctx.soft_life = ipsec_xfrm->life.bytes_soft_limit + 1; + sa->w0.s.soft_life_dec = 1; + } + + if (ipsec_xfrm->life.packets_soft_limit) { + sa->ctx.soft_life = ipsec_xfrm->life.packets_soft_limit + 1; + sa->w0.s.soft_life_dec = 1; + } + + if (ipsec_xfrm->life.bytes_hard_limit) { + sa->ctx.hard_life = ipsec_xfrm->life.bytes_hard_limit + 1; + sa->w0.s.hard_life_dec = 1; + } + + if (ipsec_xfrm->life.packets_hard_limit) { + sa->ctx.hard_life = ipsec_xfrm->life.packets_hard_limit + 1; + sa->w0.s.hard_life_dec = 1; + } + /* There are two words of CPT_CTX_HW_S for ucode to skip */ sa->w0.s.ctx_hdr_size = 1; sa->w0.s.aop_valid = 1; diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c index 2e1a739..ac8179b 100644 --- a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c +++ b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c @@ -291,12 +291,44 @@ cn10k_cpt_dequeue_post_process(struct cnxk_cpt_qp *qp, struct cpt_inflight_req *infl_req) { struct cpt_cn10k_res_s *res = (struct cpt_cn10k_res_s *)&infl_req->res; + const uint8_t uc_compcode = res->uc_compcode; + const uint8_t compcode = res->compcode; unsigned int sz; - if (likely(res->compcode == CPT_COMP_GOOD || - res->compcode == CPT_COMP_WARN)) { - if (unlikely(res->uc_compcode)) { - if (res->uc_compcode == ROC_SE_ERR_GC_ICV_MISCOMPARE) + cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS; + + if (cop->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC && + cop->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) { + if (likely(compcode == CPT_COMP_WARN)) { + if (unlikely(uc_compcode != ROC_IE_OT_UCC_SUCCESS)) { + /* Success with additional info */ + switch (uc_compcode) { + case ROC_IE_OT_UCC_SUCCESS_SA_SOFTEXP_FIRST: + cop->aux_flags = + RTE_CRYPTO_OP_AUX_FLAGS_IPSEC_SOFT_EXPIRY; + break; + default: + break; + } + } + cn10k_cpt_sec_post_process(cop, infl_req); + } else { + cop->status = RTE_CRYPTO_OP_STATUS_ERROR; + plt_dp_info("HW completion code 0x%x", res->compcode); + if (compcode == CPT_COMP_GOOD) { + plt_dp_info( + "Request failed with microcode error"); + plt_dp_info("MC completion code 0x%x", + uc_compcode); + } + } + + return; + } + + if (likely(compcode == CPT_COMP_GOOD || compcode == CPT_COMP_WARN)) { + if (unlikely(uc_compcode)) { + if (uc_compcode == ROC_SE_ERR_GC_ICV_MISCOMPARE) cop->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; else cop->status = RTE_CRYPTO_OP_STATUS_ERROR; @@ -307,13 +339,7 @@ cn10k_cpt_dequeue_post_process(struct cnxk_cpt_qp *qp, goto temp_sess_free; } - cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS; if (cop->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) { - if (cop->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) { - cn10k_cpt_sec_post_process(cop, infl_req); - return; - } - /* Verify authentication data if required */ if (unlikely(infl_req->op_flags & CPT_OP_FLAGS_AUTH_VERIFY)) { @@ -335,7 +361,7 @@ cn10k_cpt_dequeue_post_process(struct cnxk_cpt_qp *qp, cop->status = RTE_CRYPTO_OP_STATUS_ERROR; plt_dp_info("HW completion code 0x%x", res->compcode); - switch (res->compcode) { + switch (compcode) { case CPT_COMP_INSTERR: plt_dp_err("Request failed with instruction error"); break; From patchwork Tue Aug 17 13:42:45 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 96988 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 4D744A0548; Tue, 17 Aug 2021 15:43:32 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 2132B411B1; Tue, 17 Aug 2021 15:43:29 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 77B19411A7 for ; Tue, 17 Aug 2021 15:43:27 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.1.2/8.16.0.43) with SMTP id 17H9wudA029440; Tue, 17 Aug 2021 06:43:26 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=r4R5V609tizPbkbpYTi1gbGXDY2tsnuOwyB5+AdNcB8=; b=hhpNFL1J/AeQPRCXKJo73kpXWhKwHvpL8YOQwBp9vCh3rQXhcer3Nbm4JX3EBjjX77Bx 6cLvadQBuoqCxIiMDU74ZAYW45x/g8RVMic5wCRwcBkfDB6q21d6RYp2m1oUXCDNE2pp uEOIRvDeRD8Cv+v9jowGldXOsaYHzpL0mGm4Xy9IO6hsyQA+nMm3Tq4sbZaG93ujwS0k RvpSrmbDXmnUtiX8TedON/12wt/3fol5+HZsZH8TONHgPHyv731EmunGPzCEIt2IxJWK dTcgpEWNQYYNXAZXDX5Wf3Z/t5WNvRd7hvQyosqAu+c9IGWt7jglro/yDQXtYDBaSLu1 Cg== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0b-0016f401.pphosted.com with ESMTP id 3agay2gtkh-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 17 Aug 2021 06:43:26 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Tue, 17 Aug 2021 06:43:24 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Tue, 17 Aug 2021 06:43:24 -0700 Received: from HY-LT1002.marvell.com (unknown [10.193.70.144]) by maili.marvell.com (Postfix) with ESMTP id C59043F7045; Tue, 17 Aug 2021 06:43:19 -0700 (PDT) From: Anoob Joseph To: Akhil Goyal , Declan Doherty , Fan Zhang , "Konstantin Ananyev" CC: Anoob Joseph , Jerin Jacob , Archana Muniganti , Tejasree Kondoj , Hemant Agrawal , "Radu Nicolau" , Ciara Power , Date: Tue, 17 Aug 2021 19:12:45 +0530 Message-ID: <1629207767-262-4-git-send-email-anoobj@marvell.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1629207767-262-1-git-send-email-anoobj@marvell.com> References: <1629207767-262-1-git-send-email-anoobj@marvell.com> MIME-Version: 1.0 X-Proofpoint-GUID: KttKBzi5E0Hz0Woirv5MUi923rvD1O2Y X-Proofpoint-ORIG-GUID: KttKBzi5E0Hz0Woirv5MUi923rvD1O2Y X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-08-17_04,2021-08-17_02,2020-04-07_01 Subject: [dpdk-dev] [PATCH 3/5] crypto/octeontx2: add checks for life configuration X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Lifetime tracking is not supported by hardware and is not implemented in software either. Return failure when lifetime is configured. Signed-off-by: Anoob Joseph --- drivers/crypto/octeontx2/otx2_ipsec_po.h | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/crypto/octeontx2/otx2_ipsec_po.h b/drivers/crypto/octeontx2/otx2_ipsec_po.h index b3e7456..b61c5e0 100644 --- a/drivers/crypto/octeontx2/otx2_ipsec_po.h +++ b/drivers/crypto/octeontx2/otx2_ipsec_po.h @@ -293,6 +293,12 @@ ipsec_po_xform_verify(struct rte_security_ipsec_xform *ipsec, struct rte_crypto_sym_xform *auth_xform, *cipher_xform; int ret; + if (ipsec->life.bytes_hard_limit != 0 || + ipsec->life.bytes_soft_limit != 0 || + ipsec->life.packets_hard_limit != 0 || + ipsec->life.packets_soft_limit != 0) + return -ENOTSUP; + if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) return ipsec_po_xform_aead_verify(ipsec, xform); From patchwork Tue Aug 17 13:42:46 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 96989 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 3F458A0548; Tue, 17 Aug 2021 15:43:38 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 4DFBE411BE; Tue, 17 Aug 2021 15:43:36 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 637FD411BE for ; Tue, 17 Aug 2021 15:43:35 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.1.2/8.16.0.43) with SMTP id 17H9x6Km030280; Tue, 17 Aug 2021 06:43:34 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=CdtgUI7by73ftCA95JFpc+Yu6aejGYzmrLu2Od/arMU=; b=d1opf6jaLOCAZ9nC3iOTfYx1kgOg3uuTi7fZi4mXqFko95m3FukaAiMju0DYNyyClE5+ rByjSY3vs4RJNYcnVk9BVnUHbW3oMeoJNHsi0SyRvtwfGsrvASh6P3gO54mT6DI+LGvC 2mOPrljQCM8yOV4FpICzR+GbLTQh0ogY/n8O5z8zP6dl8f1cdDLCagTTnp0H1DVpyEOj e0QlodidQMe0yBu5RBpHaIWoua9vx+kWlXr7fHdIvRJobc+KFO/+hmMTnQTVW8O29omw vOjdrFLcqiR0aSkV/1epFDomO+3mgSHTwXug7iU2mVzQt8Ir/wDu60ji4de3tmOR4IA7 Vg== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0b-0016f401.pphosted.com with ESMTP id 3agay2gtkr-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 17 Aug 2021 06:43:34 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Tue, 17 Aug 2021 06:43:32 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Tue, 17 Aug 2021 06:43:32 -0700 Received: from HY-LT1002.marvell.com (unknown [10.193.70.144]) by maili.marvell.com (Postfix) with ESMTP id F132E3F7045; Tue, 17 Aug 2021 06:43:26 -0700 (PDT) From: Anoob Joseph To: Akhil Goyal , Declan Doherty , Fan Zhang , "Konstantin Ananyev" CC: Anoob Joseph , Jerin Jacob , Archana Muniganti , Tejasree Kondoj , Hemant Agrawal , "Radu Nicolau" , Ciara Power , Date: Tue, 17 Aug 2021 19:12:46 +0530 Message-ID: <1629207767-262-5-git-send-email-anoobj@marvell.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1629207767-262-1-git-send-email-anoobj@marvell.com> References: <1629207767-262-1-git-send-email-anoobj@marvell.com> MIME-Version: 1.0 X-Proofpoint-GUID: sh4jj1xSqyXQc0NUfgB1pEQ6iCtA0Owt X-Proofpoint-ORIG-GUID: sh4jj1xSqyXQc0NUfgB1pEQ6iCtA0Owt X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-08-17_04,2021-08-17_02,2020-04-07_01 Subject: [dpdk-dev] [PATCH 4/5] test/crypto: add packets soft expiry tests X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Add tests to validate packets soft expiry handling. Signed-off-by: Anoob Joseph --- app/test/test_cryptodev.c | 21 +++++++++++++++++++-- app/test/test_cryptodev_security_ipsec.c | 18 ++++++++++++++++-- app/test/test_cryptodev_security_ipsec.h | 4 +++- 3 files changed, 38 insertions(+), 5 deletions(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index dfc49e0..2baa569 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -8994,7 +8994,7 @@ test_ipsec_proto_process(const struct ipsec_test_data td[], /* Process crypto operation */ process_crypto_request(dev_id, ut_params->op); - ret = test_ipsec_status_check(ut_params->op, flags, dir); + ret = test_ipsec_status_check(ut_params->op, flags, dir, i + 1); if (ret != TEST_SUCCESS) goto crypto_op_free; @@ -9064,7 +9064,8 @@ test_ipsec_proto_all(const struct ipsec_test_flags *flags) unsigned int i, nb_pkts = 1, pass_cnt = 0; int ret; - if (flags->iv_gen) + if (flags->iv_gen || + flags->sa_expiry_pkts_soft) nb_pkts = IPSEC_TEST_PACKETS_MAX; for (i = 0; i < RTE_DIM(aead_list); i++) { @@ -9129,6 +9130,18 @@ test_ipsec_proto_iv_gen(const void *data __rte_unused) } static int +test_ipsec_proto_sa_exp_pkts_soft(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.sa_expiry_pkts_soft = true; + + return test_ipsec_proto_all(&flags); +} + +static int test_ipsec_proto_err_icv_corrupt(const void *data __rte_unused) { struct ipsec_test_flags flags; @@ -14067,6 +14080,10 @@ static struct unit_test_suite ipsec_proto_testsuite = { ut_setup_security, ut_teardown, test_ipsec_proto_iv_gen), TEST_CASE_NAMED_ST( + "SA expiry packets soft", + ut_setup_security, ut_teardown, + test_ipsec_proto_sa_exp_pkts_soft), + TEST_CASE_NAMED_ST( "Negative test: ICV corruption", ut_setup_security, ut_teardown, test_ipsec_proto_err_icv_corrupt), diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c index a0b37e7..9eb610c 100644 --- a/app/test/test_cryptodev_security_ipsec.c +++ b/app/test/test_cryptodev_security_ipsec.c @@ -172,6 +172,10 @@ test_ipsec_td_prepare(const struct crypto_param *param1, if (flags->iv_gen) td->ipsec_xform.options.iv_gen_disable = 0; + + if (flags->sa_expiry_pkts_soft) + td->ipsec_xform.life.packets_soft_limit = + IPSEC_TEST_PACKETS_MAX - 1; } RTE_SET_USED(param2); @@ -367,7 +371,8 @@ test_ipsec_post_process(struct rte_mbuf *m, const struct ipsec_test_data *td, int test_ipsec_status_check(struct rte_crypto_op *op, const struct ipsec_test_flags *flags, - enum rte_security_ipsec_sa_direction dir) + enum rte_security_ipsec_sa_direction dir, + int pkt_num) { int ret = TEST_SUCCESS; @@ -378,7 +383,16 @@ test_ipsec_status_check(struct rte_crypto_op *op, } } else { if (op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) { - printf("Security op processing failed\n"); + printf("Security op processing failed [pkt_num: %d]\n", + pkt_num); + ret = TEST_FAILED; + } + } + + if (flags->sa_expiry_pkts_soft && pkt_num == IPSEC_TEST_PACKETS_MAX) { + if (!(op->aux_flags & + RTE_CRYPTO_OP_AUX_FLAGS_IPSEC_SOFT_EXPIRY)) { + printf("SA soft expiry (pkts) test failed\n"); ret = TEST_FAILED; } } diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h index d2ec63f..921c58d 100644 --- a/app/test/test_cryptodev_security_ipsec.h +++ b/app/test/test_cryptodev_security_ipsec.h @@ -49,6 +49,7 @@ struct ipsec_test_data { struct ipsec_test_flags { bool display_alg; + bool sa_expiry_pkts_soft; bool icv_corrupt; bool iv_gen; }; @@ -113,6 +114,7 @@ int test_ipsec_post_process(struct rte_mbuf *m, int test_ipsec_status_check(struct rte_crypto_op *op, const struct ipsec_test_flags *flags, - enum rte_security_ipsec_sa_direction dir); + enum rte_security_ipsec_sa_direction dir, + int pkt_num); #endif From patchwork Tue Aug 17 13:42:47 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 96990 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id B22F6A0548; Tue, 17 Aug 2021 15:43:44 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 7A39E411BA; Tue, 17 Aug 2021 15:43:43 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 6D4AB411A8 for ; Tue, 17 Aug 2021 15:43:41 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.1.2/8.16.0.43) with SMTP id 17H2lbqK006738; Tue, 17 Aug 2021 06:43:40 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=U0FYp4Dqo4EuNC69WRlmbxbNsUgBuUE578gapZmbKxg=; b=dsudmcn4yP8OyNAxiRbEuhG4K5kJ2Iu4QyoDaljYZsjmKMZWE/8Dsmeo1nv7Oa2R2aaB dXUEhjFUhy9bdd/1Q2iXJ1nAJOEI7iTBHZfVlxoycfaEbX3cQWTWH1xBXIyvV4X9s4eI Q1b101SKyWJEEtDHqxKzIEF/57YYT1+FTeFPiGoPNg7HmpfMgrPguSVZK6kHn4NXBECN IC5CDbs04X/nbGmhHHjFp4Lq6yAH1JuNCOAabKXAWQ5CapCFqZz/VLY7BI2wJ45LfaxO sIbrQqSZQGtp8j5jIuG/InJgao3FR25CbgeZWHkVVHGFTBqAD2RLjIMnO+kdrMUOVwD+ 4A== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0a-0016f401.pphosted.com with ESMTP id 3ag4n0tajc-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 17 Aug 2021 06:43:40 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Tue, 17 Aug 2021 06:43:39 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Tue, 17 Aug 2021 06:43:39 -0700 Received: from HY-LT1002.marvell.com (unknown [10.193.70.144]) by maili.marvell.com (Postfix) with ESMTP id 4424B3F7045; Tue, 17 Aug 2021 06:43:33 -0700 (PDT) From: Anoob Joseph To: Akhil Goyal , Declan Doherty , Fan Zhang , "Konstantin Ananyev" CC: Anoob Joseph , Jerin Jacob , Archana Muniganti , Tejasree Kondoj , Hemant Agrawal , "Radu Nicolau" , Ciara Power , Date: Tue, 17 Aug 2021 19:12:47 +0530 Message-ID: <1629207767-262-6-git-send-email-anoobj@marvell.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1629207767-262-1-git-send-email-anoobj@marvell.com> References: <1629207767-262-1-git-send-email-anoobj@marvell.com> MIME-Version: 1.0 X-Proofpoint-GUID: C6FdpXtCKpQEx8xxzMHiaJVFFAVbkpTW X-Proofpoint-ORIG-GUID: C6FdpXtCKpQEx8xxzMHiaJVFFAVbkpTW X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-08-17_04,2021-08-17_02,2020-04-07_01 Subject: [dpdk-dev] [PATCH 5/5] test/crypto: add packets hard expiry tests X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Add tests to validate packets hard expiry handling. Signed-off-by: Anoob Joseph --- app/test/test_cryptodev.c | 19 ++++++++++++++++++- app/test/test_cryptodev_security_ipsec.c | 22 +++++++++++++++++++--- app/test/test_cryptodev_security_ipsec.h | 1 + 3 files changed, 38 insertions(+), 4 deletions(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 2baa569..a7374bf 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -9065,7 +9065,8 @@ test_ipsec_proto_all(const struct ipsec_test_flags *flags) int ret; if (flags->iv_gen || - flags->sa_expiry_pkts_soft) + flags->sa_expiry_pkts_soft || + flags->sa_expiry_pkts_hard) nb_pkts = IPSEC_TEST_PACKETS_MAX; for (i = 0; i < RTE_DIM(aead_list); i++) { @@ -9142,6 +9143,18 @@ test_ipsec_proto_sa_exp_pkts_soft(const void *data __rte_unused) } static int +test_ipsec_proto_sa_exp_pkts_hard(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.sa_expiry_pkts_hard = true; + + return test_ipsec_proto_all(&flags); +} + +static int test_ipsec_proto_err_icv_corrupt(const void *data __rte_unused) { struct ipsec_test_flags flags; @@ -14084,6 +14097,10 @@ static struct unit_test_suite ipsec_proto_testsuite = { ut_setup_security, ut_teardown, test_ipsec_proto_sa_exp_pkts_soft), TEST_CASE_NAMED_ST( + "SA expiry packets hard", + ut_setup_security, ut_teardown, + test_ipsec_proto_sa_exp_pkts_hard), + TEST_CASE_NAMED_ST( "Negative test: ICV corruption", ut_setup_security, ut_teardown, test_ipsec_proto_err_icv_corrupt), diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c index 9eb610c..efb4c7e 100644 --- a/app/test/test_cryptodev_security_ipsec.c +++ b/app/test/test_cryptodev_security_ipsec.c @@ -199,6 +199,10 @@ test_ipsec_td_update(struct ipsec_test_data td_inb[], td_inb[i].input_text.data[icv_pos] += 1; } + if (flags->sa_expiry_pkts_hard) + td_inb[i].ipsec_xform.life.packets_hard_limit = + IPSEC_TEST_PACKETS_MAX - 1; + /* Clear outbound specific flags */ td_inb[i].ipsec_xform.options.iv_gen_disable = 0; } @@ -281,9 +285,10 @@ test_ipsec_td_verify(struct rte_mbuf *m, const struct ipsec_test_data *td, uint8_t *output_text = rte_pktmbuf_mtod(m, uint8_t *); uint32_t skip, len = rte_pktmbuf_pkt_len(m); - /* For negative tests, no need to do verification */ - if (flags->icv_corrupt && - td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) + /* For tests with status as error for test success, skip verification */ + if (td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS && + (flags->icv_corrupt || + flags->sa_expiry_pkts_hard)) return TEST_SUCCESS; if (len != td->output_text.len) { @@ -376,6 +381,17 @@ test_ipsec_status_check(struct rte_crypto_op *op, { int ret = TEST_SUCCESS; + if (dir == RTE_SECURITY_IPSEC_SA_DIR_INGRESS && + flags->sa_expiry_pkts_hard && + pkt_num == IPSEC_TEST_PACKETS_MAX) { + if (op->status != RTE_CRYPTO_OP_STATUS_ERROR) { + printf("SA hard expiry (pkts) test failed\n"); + return TEST_FAILED; + } else { + return TEST_SUCCESS; + } + } + if (dir == RTE_SECURITY_IPSEC_SA_DIR_INGRESS && flags->icv_corrupt) { if (op->status != RTE_CRYPTO_OP_STATUS_ERROR) { printf("ICV corruption test case failed\n"); diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h index 921c58d..2d3dd59 100644 --- a/app/test/test_cryptodev_security_ipsec.h +++ b/app/test/test_cryptodev_security_ipsec.h @@ -50,6 +50,7 @@ struct ipsec_test_data { struct ipsec_test_flags { bool display_alg; bool sa_expiry_pkts_soft; + bool sa_expiry_pkts_hard; bool icv_corrupt; bool iv_gen; };