From patchwork Tue Sep 28 10:07:36 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 99885 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 6742AA0032; Tue, 28 Sep 2021 12:08:57 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 4937C410DF; Tue, 28 Sep 2021 12:08:57 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id D4CAB410D7 for ; Tue, 28 Sep 2021 12:08:54 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 18SA6Txs002880; Tue, 28 Sep 2021 03:08:54 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=wdfWpXLAuaieUN3DedidlEx0BVa6D3GT286AqBpORb0=; b=ByotWjrh5/zf6RWIQHumSjXuGy4wL0LVaPTkRqjG4gNmbZy5EtuINTS9JwREK3xA2byi YOcAF231ZsQavvuUDpuH2q14wqNMO0fZpXblNn9QxghdQz77Zt8vvQjsWYmHfhH4IeP+ 0Zs49DuYlI2znOTf9Fu6yKW4My+wBH+sG9NO4Wdb4Fs7LyccK8e2YVTZqHF4td+VASaL Ajy0D1iHYgqsaoi28+hjzMVPLBZrAOd3fMzeOQkQP69QhulB/v76zIlS7a8Xm/GveawV 6loBjYUUcmZTq72PunyRIrH3a1WQflaUMTUaXVVi6ZN6NUFqUc4Ky++gyNKAkT226Vrv xw== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0b-0016f401.pphosted.com with ESMTP id 3bbdmjv9r3-8 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 28 Sep 2021 03:08:53 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Tue, 28 Sep 2021 03:08:04 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Tue, 28 Sep 2021 03:08:04 -0700 Received: from HY-LT1002.marvell.com (HY-LT1002.marvell.com [10.28.176.218]) by maili.marvell.com (Postfix) with ESMTP id 280223F707D; Tue, 28 Sep 2021 03:07:59 -0700 (PDT) From: Anoob Joseph To: Akhil Goyal , Declan Doherty , Fan Zhang , "Konstantin Ananyev" CC: Anoob Joseph , Jerin Jacob , Archana Muniganti , Tejasree Kondoj , Hemant Agrawal , "Radu Nicolau" , Ciara Power , Gagandeep Singh , Date: Tue, 28 Sep 2021 15:37:36 +0530 Message-ID: <1632823662-384-2-git-send-email-anoobj@marvell.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1632823662-384-1-git-send-email-anoobj@marvell.com> References: <1631032372-275-1-git-send-email-anoobj@marvell.com> <1632823662-384-1-git-send-email-anoobj@marvell.com> MIME-Version: 1.0 X-Proofpoint-GUID: W5ky3i02lla8W33hw2CmLViHEdvDqJkC X-Proofpoint-ORIG-GUID: W5ky3i02lla8W33hw2CmLViHEdvDqJkC X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-09-28_05,2021-09-28_01,2020-04-07_01 Subject: [dpdk-dev] [PATCH v3 1/6] security: add SA lifetime configuration X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Add SA lifetime configuration to register soft and hard expiry limits. Expiry can be in units of number of packets or bytes. Crypto op status is also updated to include new field, aux_flags, which can be used to indicate cases such as soft expiry in case of lookaside protocol operations. In case of soft expiry, the packets are successfully IPsec processed but the soft expiry would indicate that SA needs to be reconfigured. For inline protocol capable ethdev, this would result in an eth event while for lookaside protocol capable cryptodev, this can be communicated via `rte_crypto_op.aux_flags` field. In case of hard expiry, the packets will not be IPsec processed and would result in error. Signed-off-by: Anoob Joseph Acked-by: Konstantin Ananyev --- .../test_cryptodev_security_ipsec_test_vectors.h | 3 --- doc/guides/rel_notes/deprecation.rst | 5 ---- doc/guides/rel_notes/release_21_11.rst | 13 ++++++++++ examples/ipsec-secgw/ipsec.c | 2 +- examples/ipsec-secgw/ipsec.h | 2 +- lib/cryptodev/rte_crypto.h | 18 +++++++++++++- lib/security/rte_security.h | 28 ++++++++++++++++++++-- 7 files changed, 58 insertions(+), 13 deletions(-) diff --git a/app/test/test_cryptodev_security_ipsec_test_vectors.h b/app/test/test_cryptodev_security_ipsec_test_vectors.h index ae9cd24..38ea43d 100644 --- a/app/test/test_cryptodev_security_ipsec_test_vectors.h +++ b/app/test/test_cryptodev_security_ipsec_test_vectors.h @@ -98,7 +98,6 @@ struct ipsec_test_data pkt_aes_128_gcm = { .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, .tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4, - .esn_soft_limit = 0, .replay_win_sz = 0, }, @@ -195,7 +194,6 @@ struct ipsec_test_data pkt_aes_192_gcm = { .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, .tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4, - .esn_soft_limit = 0, .replay_win_sz = 0, }, @@ -295,7 +293,6 @@ struct ipsec_test_data pkt_aes_256_gcm = { .proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP, .mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL, .tunnel.type = RTE_SECURITY_IPSEC_TUNNEL_IPV4, - .esn_soft_limit = 0, .replay_win_sz = 0, }, diff --git a/doc/guides/rel_notes/deprecation.rst b/doc/guides/rel_notes/deprecation.rst index 70ef45e..69fbde0 100644 --- a/doc/guides/rel_notes/deprecation.rst +++ b/doc/guides/rel_notes/deprecation.rst @@ -275,8 +275,3 @@ Deprecation Notices * cmdline: ``cmdline`` structure will be made opaque to hide platform-specific content. On Linux and FreeBSD, supported prior to DPDK 20.11, original structure will be kept until DPDK 21.11. - -* cryptodev: The structure ``rte_crypto_op`` would be updated to reduce - reserved bytes to 2 (from 3), and use 1 byte to indicate warnings and other - information from the crypto/security operation. This field will be used to - communicate events such as soft expiry with IPsec in lookaside mode. diff --git a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_notes/release_21_11.rst index eef7f79..0b7ffa5 100644 --- a/doc/guides/rel_notes/release_21_11.rst +++ b/doc/guides/rel_notes/release_21_11.rst @@ -147,6 +147,13 @@ API Changes as it is for drivers only and should be private to DPDK, and not installed for app use. +* cryptodev: use 1 reserved byte from ``rte_crypto_op`` for aux flags + + * Updated the structure ``rte_crypto_op`` to reduce reserved bytes to + 2 (from 3), and use 1 byte to indicate warnings and other information from + the crypto/security operation. This field will be used to communicate events + such as soft expiry with IPsec in lookaside mode. + ABI Changes ----------- @@ -168,6 +175,12 @@ ABI Changes * Added IPsec SA option to disable IV generation to allow known vector tests as well as usage of application provided IV on supported PMDs. +* security: add IPsec SA lifetime configuration + + * Added IPsec SA lifetime configuration to allow applications to configure + soft and hard SA expiry limits. Limits can be either in units of packets or + bytes. + Known Issues ------------ diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c index 5b032fe..4868294 100644 --- a/examples/ipsec-secgw/ipsec.c +++ b/examples/ipsec-secgw/ipsec.c @@ -49,7 +49,7 @@ set_ipsec_conf(struct ipsec_sa *sa, struct rte_security_ipsec_xform *ipsec) } /* TODO support for Transport */ } - ipsec->esn_soft_limit = IPSEC_OFFLOAD_ESN_SOFTLIMIT; + ipsec->life.packets_soft_limit = IPSEC_OFFLOAD_PKTS_SOFTLIMIT; ipsec->replay_win_sz = app_sa_prm.window_size; ipsec->options.esn = app_sa_prm.enable_esn; ipsec->options.udp_encap = sa->udp_encap; diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h index ae5058d..90c81c1 100644 --- a/examples/ipsec-secgw/ipsec.h +++ b/examples/ipsec-secgw/ipsec.h @@ -23,7 +23,7 @@ #define MAX_DIGEST_SIZE 32 /* Bytes -- 256 bits */ -#define IPSEC_OFFLOAD_ESN_SOFTLIMIT 0xffffff00 +#define IPSEC_OFFLOAD_PKTS_SOFTLIMIT 0xffffff00 #define IV_OFFSET (sizeof(struct rte_crypto_op) + \ sizeof(struct rte_crypto_sym_op)) diff --git a/lib/cryptodev/rte_crypto.h b/lib/cryptodev/rte_crypto.h index fd5ef3a..d602183 100644 --- a/lib/cryptodev/rte_crypto.h +++ b/lib/cryptodev/rte_crypto.h @@ -66,6 +66,17 @@ enum rte_crypto_op_sess_type { }; /** + * Auxiliary flags to indicate additional info from the operation + */ + +/** + * Auxiliary flags related to IPsec offload with RTE_SECURITY + */ + +#define RTE_CRYPTO_OP_AUX_FLAGS_IPSEC_SOFT_EXPIRY (1 << 0) +/**< SA soft expiry limit has been reached */ + +/** * Cryptographic Operation. * * This structure contains data relating to performing cryptographic @@ -93,7 +104,12 @@ struct rte_crypto_op { */ uint8_t sess_type; /**< operation session type */ - uint8_t reserved[3]; + uint8_t aux_flags; + /**< Operation specific auxiliary/additional flags. + * These flags carry additional information from the + * operation. Processing of the same is optional. + */ + uint8_t reserved[2]; /**< Reserved bytes to fill 64 bits for * future additions */ diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h index f9e6591..88147e1 100644 --- a/lib/security/rte_security.h +++ b/lib/security/rte_security.h @@ -217,6 +217,30 @@ enum rte_security_ipsec_sa_direction { }; /** + * Configure soft and hard lifetime of an IPsec SA + * + * Lifetime of an IPsec SA would specify the maximum number of packets or bytes + * that can be processed. IPsec operations would start failing once any hard + * limit is reached. + * + * Soft limits can be specified to generate notification when the SA is + * approaching hard limits for lifetime. For inline operations, reaching soft + * expiry limit would result in raising an eth event for the same. For lookaside + * operations, this would result in a warning returned in + * ``rte_crypto_op.aux_flags``. + */ +struct rte_security_ipsec_lifetime { + uint64_t packets_soft_limit; + /**< Soft expiry limit in number of packets */ + uint64_t bytes_soft_limit; + /**< Soft expiry limit in bytes */ + uint64_t packets_hard_limit; + /**< Soft expiry limit in number of packets */ + uint64_t bytes_hard_limit; + /**< Soft expiry limit in bytes */ +}; + +/** * IPsec security association configuration data. * * This structure contains data required to create an IPsec SA security session. @@ -236,8 +260,8 @@ struct rte_security_ipsec_xform { /**< IPsec SA Mode - transport/tunnel */ struct rte_security_ipsec_tunnel_param tunnel; /**< Tunnel parameters, NULL for transport mode */ - uint64_t esn_soft_limit; - /**< ESN for which the overflow event need to be raised */ + struct rte_security_ipsec_lifetime life; + /**< IPsec SA lifetime */ uint32_t replay_win_sz; /**< Anti replay window size to enable sequence replay attack handling. * replay checking is disabled if the window size is 0. From patchwork Tue Sep 28 10:07:37 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 99886 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 77908A0032; Tue, 28 Sep 2021 12:09:01 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 69917410E4; Tue, 28 Sep 2021 12:09:01 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 639A1410D7 for ; Tue, 28 Sep 2021 12:08:56 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 18SA6Txt002880; Tue, 28 Sep 2021 03:08:55 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=7zQb45r5y0i3bFSTc9gOKvTP/UYxWbO9zyv3O/5/siA=; b=LJ3igttKM9QEI1vfPKRjTuFdnPjz1+HctK+gzhgwWvAUry5QpShIZFm2XTcFPa/9lOMP 89vdddqxAOZ69yXlC9M8nwjpGpviePKhuOzSExyTfLg+MAJgL8O+x3Xk5hAHPfadmeUI 50y/h0V3PwOIZ/6bSDM0W983P8IEMEgBmNfXB/vvci7cyeE9IwjCElg5QsU291T+eoSc 16/LsjaMYLB8lKaq4X6SzfItoEXTYB8b2cPLX5jW0a6bO9t5V67T5W7tVcWzGgbe0Hdl mY+SeZno0F2nzLitSykqN/D4cLrRBolbBViYnwh3lvEqdGd6XQ6fS7zfNYlolwjETv1H JQ== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0b-0016f401.pphosted.com with ESMTP id 3bbdmjv9r3-13 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 28 Sep 2021 03:08:55 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Tue, 28 Sep 2021 03:08:15 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Tue, 28 Sep 2021 03:08:15 -0700 Received: from HY-LT1002.marvell.com (HY-LT1002.marvell.com [10.28.176.218]) by maili.marvell.com (Postfix) with ESMTP id 2B3013F707E; Tue, 28 Sep 2021 03:08:10 -0700 (PDT) From: Anoob Joseph To: Akhil Goyal , Declan Doherty , Fan Zhang , "Konstantin Ananyev" CC: Anoob Joseph , Jerin Jacob , Archana Muniganti , Tejasree Kondoj , Hemant Agrawal , "Radu Nicolau" , Ciara Power , Gagandeep Singh , Date: Tue, 28 Sep 2021 15:37:37 +0530 Message-ID: <1632823662-384-3-git-send-email-anoobj@marvell.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1632823662-384-1-git-send-email-anoobj@marvell.com> References: <1631032372-275-1-git-send-email-anoobj@marvell.com> <1632823662-384-1-git-send-email-anoobj@marvell.com> MIME-Version: 1.0 X-Proofpoint-GUID: 85KNxRmr1kXu4SWvJJy2l8OmSeCNUKiY X-Proofpoint-ORIG-GUID: 85KNxRmr1kXu4SWvJJy2l8OmSeCNUKiY X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-09-28_05,2021-09-28_01,2020-04-07_01 Subject: [dpdk-dev] [PATCH v3 2/6] common/cnxk: support lifetime configuration X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Add support for SA lifetime configuration. Expiry can be either in units of octets or packets. Also, updated cryptodev dequeue path to update crypto op result to indicate soft expiry. Signed-off-by: Anoob Joseph --- drivers/common/cnxk/cnxk_security.c | 70 +++++++++++++++++++++++++++++++ drivers/crypto/cnxk/cn10k_cryptodev_ops.c | 48 ++++++++++++++++----- drivers/crypto/cnxk/cn9k_ipsec.c | 6 ++- 3 files changed, 112 insertions(+), 12 deletions(-) diff --git a/drivers/common/cnxk/cnxk_security.c b/drivers/common/cnxk/cnxk_security.c index 4f7fd1b..215d9fd 100644 --- a/drivers/common/cnxk/cnxk_security.c +++ b/drivers/common/cnxk/cnxk_security.c @@ -161,6 +161,26 @@ ot_ipsec_sa_common_param_fill(union roc_ot_ipsec_sa_word2 *w2, return -EINVAL; } + if (ipsec_xfrm->life.packets_soft_limit != 0 || + ipsec_xfrm->life.packets_hard_limit != 0) { + if (ipsec_xfrm->life.bytes_soft_limit != 0 || + ipsec_xfrm->life.bytes_hard_limit != 0) { + plt_err("Expiry tracking with both packets & bytes is not supported"); + return -EINVAL; + } + w2->s.life_unit = ROC_IE_OT_SA_LIFE_UNIT_PKTS; + } + + if (ipsec_xfrm->life.bytes_soft_limit != 0 || + ipsec_xfrm->life.bytes_hard_limit != 0) { + if (ipsec_xfrm->life.packets_soft_limit != 0 || + ipsec_xfrm->life.packets_hard_limit != 0) { + plt_err("Expiry tracking with both packets & bytes is not supported"); + return -EINVAL; + } + w2->s.life_unit = ROC_IE_OT_SA_LIFE_UNIT_OCTETS; + } + return 0; } @@ -236,6 +256,31 @@ cnxk_ot_ipsec_inb_sa_fill(struct roc_ot_ipsec_inb_sa *sa, ROC_CTX_UNIT_128B) - 1; + /** + * CPT MC triggers expiry when counter value changes from 2 to 1. To + * mitigate this behaviour add 1 to the life counter values provided. + */ + + if (ipsec_xfrm->life.bytes_soft_limit) { + sa->ctx.soft_life = ipsec_xfrm->life.bytes_soft_limit + 1; + sa->w0.s.soft_life_dec = 1; + } + + if (ipsec_xfrm->life.packets_soft_limit) { + sa->ctx.soft_life = ipsec_xfrm->life.packets_soft_limit + 1; + sa->w0.s.soft_life_dec = 1; + } + + if (ipsec_xfrm->life.bytes_hard_limit) { + sa->ctx.hard_life = ipsec_xfrm->life.bytes_hard_limit + 1; + sa->w0.s.hard_life_dec = 1; + } + + if (ipsec_xfrm->life.packets_hard_limit) { + sa->ctx.hard_life = ipsec_xfrm->life.packets_hard_limit + 1; + sa->w0.s.hard_life_dec = 1; + } + /* There are two words of CPT_CTX_HW_S for ucode to skip */ sa->w0.s.ctx_hdr_size = 1; sa->w0.s.aop_valid = 1; @@ -360,6 +405,31 @@ cnxk_ot_ipsec_outb_sa_fill(struct roc_ot_ipsec_outb_sa *sa, /* IPID gen */ sa->w2.s.ipid_gen = 1; + /** + * CPT MC triggers expiry when counter value changes from 2 to 1. To + * mitigate this behaviour add 1 to the life counter values provided. + */ + + if (ipsec_xfrm->life.bytes_soft_limit) { + sa->ctx.soft_life = ipsec_xfrm->life.bytes_soft_limit + 1; + sa->w0.s.soft_life_dec = 1; + } + + if (ipsec_xfrm->life.packets_soft_limit) { + sa->ctx.soft_life = ipsec_xfrm->life.packets_soft_limit + 1; + sa->w0.s.soft_life_dec = 1; + } + + if (ipsec_xfrm->life.bytes_hard_limit) { + sa->ctx.hard_life = ipsec_xfrm->life.bytes_hard_limit + 1; + sa->w0.s.hard_life_dec = 1; + } + + if (ipsec_xfrm->life.packets_hard_limit) { + sa->ctx.hard_life = ipsec_xfrm->life.packets_hard_limit + 1; + sa->w0.s.hard_life_dec = 1; + } + /* There are two words of CPT_CTX_HW_S for ucode to skip */ sa->w0.s.ctx_hdr_size = 1; sa->w0.s.aop_valid = 1; diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c index 3a1a4a2..3caf05a 100644 --- a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c +++ b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c @@ -348,12 +348,44 @@ cn10k_cpt_dequeue_post_process(struct cnxk_cpt_qp *qp, struct cpt_inflight_req *infl_req) { struct cpt_cn10k_res_s *res = (struct cpt_cn10k_res_s *)&infl_req->res; + const uint8_t uc_compcode = res->uc_compcode; + const uint8_t compcode = res->compcode; unsigned int sz; - if (likely(res->compcode == CPT_COMP_GOOD || - res->compcode == CPT_COMP_WARN)) { - if (unlikely(res->uc_compcode)) { - if (res->uc_compcode == ROC_SE_ERR_GC_ICV_MISCOMPARE) + cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS; + + if (cop->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC && + cop->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) { + if (likely(compcode == CPT_COMP_WARN)) { + if (unlikely(uc_compcode != ROC_IE_OT_UCC_SUCCESS)) { + /* Success with additional info */ + switch (uc_compcode) { + case ROC_IE_OT_UCC_SUCCESS_SA_SOFTEXP_FIRST: + cop->aux_flags = + RTE_CRYPTO_OP_AUX_FLAGS_IPSEC_SOFT_EXPIRY; + break; + default: + break; + } + } + cn10k_cpt_sec_post_process(cop, res); + } else { + cop->status = RTE_CRYPTO_OP_STATUS_ERROR; + plt_dp_info("HW completion code 0x%x", res->compcode); + if (compcode == CPT_COMP_GOOD) { + plt_dp_info( + "Request failed with microcode error"); + plt_dp_info("MC completion code 0x%x", + uc_compcode); + } + } + + return; + } + + if (likely(compcode == CPT_COMP_GOOD || compcode == CPT_COMP_WARN)) { + if (unlikely(uc_compcode)) { + if (uc_compcode == ROC_SE_ERR_GC_ICV_MISCOMPARE) cop->status = RTE_CRYPTO_OP_STATUS_AUTH_FAILED; else cop->status = RTE_CRYPTO_OP_STATUS_ERROR; @@ -364,13 +396,7 @@ cn10k_cpt_dequeue_post_process(struct cnxk_cpt_qp *qp, goto temp_sess_free; } - cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS; if (cop->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) { - if (cop->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) { - cn10k_cpt_sec_post_process(cop, res); - return; - } - /* Verify authentication data if required */ if (unlikely(infl_req->op_flags & CPT_OP_FLAGS_AUTH_VERIFY)) { @@ -392,7 +418,7 @@ cn10k_cpt_dequeue_post_process(struct cnxk_cpt_qp *qp, cop->status = RTE_CRYPTO_OP_STATUS_ERROR; plt_dp_info("HW completion code 0x%x", res->compcode); - switch (res->compcode) { + switch (compcode) { case CPT_COMP_INSTERR: plt_dp_err("Request failed with instruction error"); break; diff --git a/drivers/crypto/cnxk/cn9k_ipsec.c b/drivers/crypto/cnxk/cn9k_ipsec.c index 0b63cc4..63ae025 100644 --- a/drivers/crypto/cnxk/cn9k_ipsec.c +++ b/drivers/crypto/cnxk/cn9k_ipsec.c @@ -485,7 +485,11 @@ cn9k_ipsec_inb_sa_create(struct cnxk_cpt_qp *qp, static inline int cn9k_ipsec_xform_verify(struct rte_security_ipsec_xform *ipsec) { - RTE_SET_USED(ipsec); + if (ipsec->life.bytes_hard_limit != 0 || + ipsec->life.bytes_soft_limit != 0 || + ipsec->life.packets_hard_limit != 0 || + ipsec->life.packets_soft_limit != 0) + return -ENOTSUP; return 0; } From patchwork Tue Sep 28 10:07:38 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 99887 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 36F9BA0032; Tue, 28 Sep 2021 12:09:07 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 7E1BB410F1; Tue, 28 Sep 2021 12:09:02 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 987F0410DC for ; Tue, 28 Sep 2021 12:08:56 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 18SA6Csb002655; Tue, 28 Sep 2021 03:08:56 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=amr2nD1qtpjjuJEfKj5t+CLAVdz+XWKUWepuXGc8tVA=; b=EbxnMqVbGreGbvBtlcBK/qqcxbeOohdNG58BWiTMOFnTC7tPOQTC9hxJlQNaXAZm1NUO FEG6sUpd9ODCrXwXjqAbA/gSJd6CK/l7oEP4rhZtrLaxCGZ+GN7XBHvghWkiZbKCueKD vHD63Olq2D7Q/PeEEV6Y0aKIONB8WV282xQe7abeT385UyTFBgmRFOAiTOCCoNR97pNJ eIREZ2U62ZdQLXhgpdw6wDgtbv7bHcLSySrsvuE4Xkj4yfnjJki/yaMlninSU2BPuPoL OWYrHahDKagqkehExzFR34UMHafdpkjcpKMOfakOj0qVg73X6LtZ5sRYe81vmWdj9wP8 DQ== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0b-0016f401.pphosted.com with ESMTP id 3bbdmjv9x8-13 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 28 Sep 2021 03:08:55 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Tue, 28 Sep 2021 03:08:21 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Tue, 28 Sep 2021 03:08:21 -0700 Received: from HY-LT1002.marvell.com (HY-LT1002.marvell.com [10.28.176.218]) by maili.marvell.com (Postfix) with ESMTP id 0CE963F709A; Tue, 28 Sep 2021 03:08:16 -0700 (PDT) From: Anoob Joseph To: Akhil Goyal , Declan Doherty , Fan Zhang , "Konstantin Ananyev" CC: Anoob Joseph , Jerin Jacob , Archana Muniganti , Tejasree Kondoj , Hemant Agrawal , "Radu Nicolau" , Ciara Power , Gagandeep Singh , Date: Tue, 28 Sep 2021 15:37:38 +0530 Message-ID: <1632823662-384-4-git-send-email-anoobj@marvell.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1632823662-384-1-git-send-email-anoobj@marvell.com> References: <1631032372-275-1-git-send-email-anoobj@marvell.com> <1632823662-384-1-git-send-email-anoobj@marvell.com> MIME-Version: 1.0 X-Proofpoint-GUID: TYVeCkkop6rgABpD1DH_SNx3SGZonUwY X-Proofpoint-ORIG-GUID: TYVeCkkop6rgABpD1DH_SNx3SGZonUwY X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-09-28_05,2021-09-28_01,2020-04-07_01 Subject: [dpdk-dev] [PATCH v3 3/6] crypto/octeontx2: add checks for life configuration X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Lifetime tracking is not supported by hardware and is not implemented in software either. Return failure when lifetime is configured. Signed-off-by: Anoob Joseph --- drivers/crypto/octeontx2/otx2_ipsec_po.h | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/crypto/octeontx2/otx2_ipsec_po.h b/drivers/crypto/octeontx2/otx2_ipsec_po.h index b3e7456..b61c5e0 100644 --- a/drivers/crypto/octeontx2/otx2_ipsec_po.h +++ b/drivers/crypto/octeontx2/otx2_ipsec_po.h @@ -293,6 +293,12 @@ ipsec_po_xform_verify(struct rte_security_ipsec_xform *ipsec, struct rte_crypto_sym_xform *auth_xform, *cipher_xform; int ret; + if (ipsec->life.bytes_hard_limit != 0 || + ipsec->life.bytes_soft_limit != 0 || + ipsec->life.packets_hard_limit != 0 || + ipsec->life.packets_soft_limit != 0) + return -ENOTSUP; + if (xform->type == RTE_CRYPTO_SYM_XFORM_AEAD) return ipsec_po_xform_aead_verify(ipsec, xform); From patchwork Tue Sep 28 10:07:39 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 99888 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id C534EA0032; Tue, 28 Sep 2021 12:09:12 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 7D227410F7; Tue, 28 Sep 2021 12:09:03 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 20C72410D7 for ; Tue, 28 Sep 2021 12:08:57 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 18SA6Csc002655; Tue, 28 Sep 2021 03:08:56 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=fj3jp5GhbSyLNAOq+4hsof2I2m+g+sonBX0f8eEmbDU=; b=hkebA2rjKZaJxvddudCbLcXPR0JyDmT+phJA/bgMEoA09yLWriFk61NJ/H5IjAQICrru qHNq/crhBDTT1RaHObWSQ8Jv7mAVLTZZDQACbjYbLOozYBcWSgwjnkzEqi98IAzPFhj5 GVXwxeyWr3tTDvsAVA+QlQHAvj8Q5nz+G5LgsSxTIU3OmvQZwgWl6Pz75l85wLkV1XjH 6hu6iFWn6rrIRHYa/TFYLkQTwTAEb8XmWao0c3kKbh4AcnqdgvnqNQd5+9moVZG46J+J sQ4Q7GrggwWydg8zFJ0ACr/w0nRDerQ5YJpX9uBNTvtLZo84Wt+JhDTit0sOgTsEvjDO ag== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0b-0016f401.pphosted.com with ESMTP id 3bbdmjv9x8-14 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 28 Sep 2021 03:08:56 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Tue, 28 Sep 2021 03:08:28 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Tue, 28 Sep 2021 03:08:28 -0700 Received: from HY-LT1002.marvell.com (HY-LT1002.marvell.com [10.28.176.218]) by maili.marvell.com (Postfix) with ESMTP id 309B93F7040; Tue, 28 Sep 2021 03:08:22 -0700 (PDT) From: Anoob Joseph To: Akhil Goyal , Declan Doherty , Fan Zhang , "Konstantin Ananyev" CC: Anoob Joseph , Jerin Jacob , Archana Muniganti , Tejasree Kondoj , Hemant Agrawal , "Radu Nicolau" , Ciara Power , Gagandeep Singh , Date: Tue, 28 Sep 2021 15:37:39 +0530 Message-ID: <1632823662-384-5-git-send-email-anoobj@marvell.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1632823662-384-1-git-send-email-anoobj@marvell.com> References: <1631032372-275-1-git-send-email-anoobj@marvell.com> <1632823662-384-1-git-send-email-anoobj@marvell.com> MIME-Version: 1.0 X-Proofpoint-GUID: El25elNbCNSQMsEZChF7G6Jkw8Scry-F X-Proofpoint-ORIG-GUID: El25elNbCNSQMsEZChF7G6Jkw8Scry-F X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-09-28_05,2021-09-28_01,2020-04-07_01 Subject: [dpdk-dev] [PATCH v3 4/6] test/crypto: add packets soft expiry tests X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Add tests to validate packets soft expiry handling. Signed-off-by: Anoob Joseph --- app/test/test_cryptodev.c | 21 +++++++++++++++++++-- app/test/test_cryptodev_security_ipsec.c | 18 ++++++++++++++++-- app/test/test_cryptodev_security_ipsec.h | 4 +++- 3 files changed, 38 insertions(+), 5 deletions(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index f57a1a4..1befbeb 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -9045,7 +9045,7 @@ test_ipsec_proto_process(const struct ipsec_test_data td[], /* Process crypto operation */ process_crypto_request(dev_id, ut_params->op); - ret = test_ipsec_status_check(ut_params->op, flags, dir); + ret = test_ipsec_status_check(ut_params->op, flags, dir, i + 1); if (ret != TEST_SUCCESS) goto crypto_op_free; @@ -9115,7 +9115,8 @@ test_ipsec_proto_all(const struct ipsec_test_flags *flags) unsigned int i, nb_pkts = 1, pass_cnt = 0; int ret; - if (flags->iv_gen) + if (flags->iv_gen || + flags->sa_expiry_pkts_soft) nb_pkts = IPSEC_TEST_PACKETS_MAX; for (i = 0; i < RTE_DIM(aead_list); i++) { @@ -9180,6 +9181,18 @@ test_ipsec_proto_iv_gen(const void *data __rte_unused) } static int +test_ipsec_proto_sa_exp_pkts_soft(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.sa_expiry_pkts_soft = true; + + return test_ipsec_proto_all(&flags); +} + +static int test_ipsec_proto_err_icv_corrupt(const void *data __rte_unused) { struct ipsec_test_flags flags; @@ -14136,6 +14149,10 @@ static struct unit_test_suite ipsec_proto_testsuite = { ut_setup_security, ut_teardown, test_ipsec_proto_udp_encap), TEST_CASE_NAMED_ST( + "SA expiry packets soft", + ut_setup_security, ut_teardown, + test_ipsec_proto_sa_exp_pkts_soft), + TEST_CASE_NAMED_ST( "Negative test: ICV corruption", ut_setup_security, ut_teardown, test_ipsec_proto_err_icv_corrupt), diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c index f371b15..56a44b5 100644 --- a/app/test/test_cryptodev_security_ipsec.c +++ b/app/test/test_cryptodev_security_ipsec.c @@ -173,6 +173,10 @@ test_ipsec_td_prepare(const struct crypto_param *param1, if (flags->iv_gen) td->ipsec_xform.options.iv_gen_disable = 0; + + if (flags->sa_expiry_pkts_soft) + td->ipsec_xform.life.packets_soft_limit = + IPSEC_TEST_PACKETS_MAX - 1; } RTE_SET_USED(param2); @@ -395,7 +399,8 @@ test_ipsec_post_process(struct rte_mbuf *m, const struct ipsec_test_data *td, int test_ipsec_status_check(struct rte_crypto_op *op, const struct ipsec_test_flags *flags, - enum rte_security_ipsec_sa_direction dir) + enum rte_security_ipsec_sa_direction dir, + int pkt_num) { int ret = TEST_SUCCESS; @@ -406,7 +411,16 @@ test_ipsec_status_check(struct rte_crypto_op *op, } } else { if (op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) { - printf("Security op processing failed\n"); + printf("Security op processing failed [pkt_num: %d]\n", + pkt_num); + ret = TEST_FAILED; + } + } + + if (flags->sa_expiry_pkts_soft && pkt_num == IPSEC_TEST_PACKETS_MAX) { + if (!(op->aux_flags & + RTE_CRYPTO_OP_AUX_FLAGS_IPSEC_SOFT_EXPIRY)) { + printf("SA soft expiry (pkts) test failed\n"); ret = TEST_FAILED; } } diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h index e1645f4..eed3476 100644 --- a/app/test/test_cryptodev_security_ipsec.h +++ b/app/test/test_cryptodev_security_ipsec.h @@ -49,6 +49,7 @@ struct ipsec_test_data { struct ipsec_test_flags { bool display_alg; + bool sa_expiry_pkts_soft; bool icv_corrupt; bool iv_gen; bool udp_encap; @@ -114,6 +115,7 @@ int test_ipsec_post_process(struct rte_mbuf *m, int test_ipsec_status_check(struct rte_crypto_op *op, const struct ipsec_test_flags *flags, - enum rte_security_ipsec_sa_direction dir); + enum rte_security_ipsec_sa_direction dir, + int pkt_num); #endif From patchwork Tue Sep 28 10:07:40 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 99889 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 675B0A0032; Tue, 28 Sep 2021 12:09:18 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 9FB43410FE; Tue, 28 Sep 2021 12:09:04 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 9F18C410D7 for ; Tue, 28 Sep 2021 12:08:57 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 18SA6Csd002655; Tue, 28 Sep 2021 03:08:57 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=gJ8//O5y2ygAxM/MryI/IwlzlF+8MkMg0JRqyDsqJKY=; b=JAM3JRs7QSs1dbhzcWrzOj6uRHRRMG/MYYQ8Yh3qufBqGFjFg/EAkS8irtQcaEW5JwJl JOn7BZQJba8uCk56WhCJOBFhxEh/QcqNrbHNKxCktwycgVy9BJC2neYMFFt2r/VUyoVn d+VdY4KfoUWBUXo8ubMY7DccpDAX2R4KjkD95Ywz18Kn+LGhc2TQtiWaXxi4cHYxjo2o LNqFDjt16RJYSfDkRih89fUVvnq9OHzbk+uZBOr/jWXmXUXqtDAI0xHGXpMVFVglvchQ YEfIw2QPT9EtQyrDyFnqNgXX0WjbJ5keVlUXKrYNUl7Q/TvscVcCwJju10OLKkjZtESE Pw== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0b-0016f401.pphosted.com with ESMTP id 3bbdmjv9x8-15 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 28 Sep 2021 03:08:56 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Tue, 28 Sep 2021 03:08:35 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Tue, 28 Sep 2021 03:08:35 -0700 Received: from HY-LT1002.marvell.com (HY-LT1002.marvell.com [10.28.176.218]) by maili.marvell.com (Postfix) with ESMTP id 3303D3F707D; Tue, 28 Sep 2021 03:08:30 -0700 (PDT) From: Anoob Joseph To: Akhil Goyal , Declan Doherty , Fan Zhang , "Konstantin Ananyev" CC: Anoob Joseph , Jerin Jacob , Archana Muniganti , Tejasree Kondoj , Hemant Agrawal , "Radu Nicolau" , Ciara Power , Gagandeep Singh , Date: Tue, 28 Sep 2021 15:37:40 +0530 Message-ID: <1632823662-384-6-git-send-email-anoobj@marvell.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1632823662-384-1-git-send-email-anoobj@marvell.com> References: <1631032372-275-1-git-send-email-anoobj@marvell.com> <1632823662-384-1-git-send-email-anoobj@marvell.com> MIME-Version: 1.0 X-Proofpoint-GUID: 94I6TM9uORrThZ9981lQVCe5hCQryoMd X-Proofpoint-ORIG-GUID: 94I6TM9uORrThZ9981lQVCe5hCQryoMd X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-09-28_05,2021-09-28_01,2020-04-07_01 Subject: [dpdk-dev] [PATCH v3 5/6] test/crypto: add packets hard expiry tests X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Add tests to validate packets hard expiry handling. Signed-off-by: Anoob Joseph --- app/test/test_cryptodev.c | 19 ++++++++++++++++++- app/test/test_cryptodev_security_ipsec.c | 22 +++++++++++++++++++--- app/test/test_cryptodev_security_ipsec.h | 1 + 3 files changed, 38 insertions(+), 4 deletions(-) diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c index 1befbeb..34b55a9 100644 --- a/app/test/test_cryptodev.c +++ b/app/test/test_cryptodev.c @@ -9116,7 +9116,8 @@ test_ipsec_proto_all(const struct ipsec_test_flags *flags) int ret; if (flags->iv_gen || - flags->sa_expiry_pkts_soft) + flags->sa_expiry_pkts_soft || + flags->sa_expiry_pkts_hard) nb_pkts = IPSEC_TEST_PACKETS_MAX; for (i = 0; i < RTE_DIM(aead_list); i++) { @@ -9193,6 +9194,18 @@ test_ipsec_proto_sa_exp_pkts_soft(const void *data __rte_unused) } static int +test_ipsec_proto_sa_exp_pkts_hard(const void *data __rte_unused) +{ + struct ipsec_test_flags flags; + + memset(&flags, 0, sizeof(flags)); + + flags.sa_expiry_pkts_hard = true; + + return test_ipsec_proto_all(&flags); +} + +static int test_ipsec_proto_err_icv_corrupt(const void *data __rte_unused) { struct ipsec_test_flags flags; @@ -14153,6 +14166,10 @@ static struct unit_test_suite ipsec_proto_testsuite = { ut_setup_security, ut_teardown, test_ipsec_proto_sa_exp_pkts_soft), TEST_CASE_NAMED_ST( + "SA expiry packets hard", + ut_setup_security, ut_teardown, + test_ipsec_proto_sa_exp_pkts_hard), + TEST_CASE_NAMED_ST( "Negative test: ICV corruption", ut_setup_security, ut_teardown, test_ipsec_proto_err_icv_corrupt), diff --git a/app/test/test_cryptodev_security_ipsec.c b/app/test/test_cryptodev_security_ipsec.c index 56a44b5..046536c 100644 --- a/app/test/test_cryptodev_security_ipsec.c +++ b/app/test/test_cryptodev_security_ipsec.c @@ -200,6 +200,10 @@ test_ipsec_td_update(struct ipsec_test_data td_inb[], td_inb[i].input_text.data[icv_pos] += 1; } + if (flags->sa_expiry_pkts_hard) + td_inb[i].ipsec_xform.life.packets_hard_limit = + IPSEC_TEST_PACKETS_MAX - 1; + if (flags->udp_encap) td_inb[i].ipsec_xform.options.udp_encap = 1; @@ -285,9 +289,10 @@ test_ipsec_td_verify(struct rte_mbuf *m, const struct ipsec_test_data *td, uint8_t *output_text = rte_pktmbuf_mtod(m, uint8_t *); uint32_t skip, len = rte_pktmbuf_pkt_len(m); - /* For negative tests, no need to do verification */ - if (flags->icv_corrupt && - td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) + /* For tests with status as error for test success, skip verification */ + if (td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS && + (flags->icv_corrupt || + flags->sa_expiry_pkts_hard)) return TEST_SUCCESS; if (td->ipsec_xform.direction == RTE_SECURITY_IPSEC_SA_DIR_EGRESS && @@ -404,6 +409,17 @@ test_ipsec_status_check(struct rte_crypto_op *op, { int ret = TEST_SUCCESS; + if (dir == RTE_SECURITY_IPSEC_SA_DIR_INGRESS && + flags->sa_expiry_pkts_hard && + pkt_num == IPSEC_TEST_PACKETS_MAX) { + if (op->status != RTE_CRYPTO_OP_STATUS_ERROR) { + printf("SA hard expiry (pkts) test failed\n"); + return TEST_FAILED; + } else { + return TEST_SUCCESS; + } + } + if (dir == RTE_SECURITY_IPSEC_SA_DIR_INGRESS && flags->icv_corrupt) { if (op->status != RTE_CRYPTO_OP_STATUS_ERROR) { printf("ICV corruption test case failed\n"); diff --git a/app/test/test_cryptodev_security_ipsec.h b/app/test/test_cryptodev_security_ipsec.h index eed3476..18f3c64 100644 --- a/app/test/test_cryptodev_security_ipsec.h +++ b/app/test/test_cryptodev_security_ipsec.h @@ -50,6 +50,7 @@ struct ipsec_test_data { struct ipsec_test_flags { bool display_alg; bool sa_expiry_pkts_soft; + bool sa_expiry_pkts_hard; bool icv_corrupt; bool iv_gen; bool udp_encap; From patchwork Tue Sep 28 10:07:41 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 99890 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id D2694A0032; Tue, 28 Sep 2021 12:09:23 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id AC62741104; Tue, 28 Sep 2021 12:09:05 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 72597410E8 for ; Tue, 28 Sep 2021 12:08:58 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 18SA6Txu002880; Tue, 28 Sep 2021 03:08:57 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=IrYuK6YiLd+anmqUqQGaXMhspE2jzGhUCI4FjoF5hwE=; b=FIMXr9qb8DYIw5gtONck4y3RXslJTghZe96qWOBwVQIHzYYqULZrlvY7l5Ac0O9rFR3Q wGvDrmzo4zKRPKRteLqm8YjG1167Y4RZnzhN9dx3CnVbxE7omz4GohLBhq7iEK5+kXMz GrvcNzMRI5gvqHd4ctwlOtEcsxZily3GTPJxWpW33D03vMpA/hBaKKUTVTyllsyIInXq 4jSh0Wn7pp8y25WQKtfUMPhrqiVnJsfUm5bOMuWrkAKDa2tS/cNpDmX+IcuOTu14TB2i iI9zGBexE3h+4AZ2YkJ27bBXlnT0SRv9p5rWBMvGFFqEIZXPEd2ZNMHQbN+vAzG3YaVO tQ== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0b-0016f401.pphosted.com with ESMTP id 3bbdmjv9r3-20 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 28 Sep 2021 03:08:57 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Tue, 28 Sep 2021 03:08:41 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Tue, 28 Sep 2021 03:08:41 -0700 Received: from HY-LT1002.marvell.com (HY-LT1002.marvell.com [10.28.176.218]) by maili.marvell.com (Postfix) with ESMTP id 743EC3F7040; Tue, 28 Sep 2021 03:08:37 -0700 (PDT) From: Anoob Joseph To: Akhil Goyal , Declan Doherty , Fan Zhang , "Konstantin Ananyev" CC: Anoob Joseph , Jerin Jacob , Archana Muniganti , Tejasree Kondoj , Hemant Agrawal , "Radu Nicolau" , Ciara Power , Gagandeep Singh , Date: Tue, 28 Sep 2021 15:37:41 +0530 Message-ID: <1632823662-384-7-git-send-email-anoobj@marvell.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1632823662-384-1-git-send-email-anoobj@marvell.com> References: <1631032372-275-1-git-send-email-anoobj@marvell.com> <1632823662-384-1-git-send-email-anoobj@marvell.com> MIME-Version: 1.0 X-Proofpoint-GUID: Ro27sOSm0I51I3P-KmfYJb3FPdSrL5f5 X-Proofpoint-ORIG-GUID: Ro27sOSm0I51I3P-KmfYJb3FPdSrL5f5 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-09-28_05,2021-09-28_01,2020-04-07_01 Subject: [dpdk-dev] [PATCH v3 6/6] examples/ipsec-secgw: clear soft expiry configuration X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Soft expiry is not a mandatory IPsec feature. It is verified separately with IPsec unit tests. So configuration of the same is not required. Also, soft expiry tracking can cause perf degradation with some PMDs. Since a separate UT is available and the same setting in ipsec-secgw is not verifying the functionality, remove the same by clearing life configuration. Signed-off-by: Anoob Joseph --- examples/ipsec-secgw/ipsec.c | 1 - examples/ipsec-secgw/ipsec.h | 2 -- 2 files changed, 3 deletions(-) diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c index 4868294..6817139 100644 --- a/examples/ipsec-secgw/ipsec.c +++ b/examples/ipsec-secgw/ipsec.c @@ -49,7 +49,6 @@ set_ipsec_conf(struct ipsec_sa *sa, struct rte_security_ipsec_xform *ipsec) } /* TODO support for Transport */ } - ipsec->life.packets_soft_limit = IPSEC_OFFLOAD_PKTS_SOFTLIMIT; ipsec->replay_win_sz = app_sa_prm.window_size; ipsec->options.esn = app_sa_prm.enable_esn; ipsec->options.udp_encap = sa->udp_encap; diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h index 90c81c1..8405c48 100644 --- a/examples/ipsec-secgw/ipsec.h +++ b/examples/ipsec-secgw/ipsec.h @@ -23,8 +23,6 @@ #define MAX_DIGEST_SIZE 32 /* Bytes -- 256 bits */ -#define IPSEC_OFFLOAD_PKTS_SOFTLIMIT 0xffffff00 - #define IV_OFFSET (sizeof(struct rte_crypto_op) + \ sizeof(struct rte_crypto_sym_op))