[PATCH 1/3] app/crypto-perf: use right API to free session

[PATCH 1/3] app/crypto-perf: use right API to free session

[Anoob Joseph]

Use the right API for session freeing. Sessions can be asymmetric,
symmetric or security.

Fixes: 28dde5da503e ("app/crypto-perf: support lookaside IPsec")
Fixes: a538d1d2d01e ("test/crypto-perf: extend asymmetric crypto throughput test")

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
---
 app/test-crypto-perf/cperf_test_latency.c | 27 +++++++++++++++++------
 app/test-crypto-perf/cperf_test_verify.c  | 25 ++++++++++++++++-----
 2 files changed, 39 insertions(+), 13 deletions(-)

diff --git a/app/test-crypto-perf/cperf_test_latency.c b/app/test-crypto-perf/cperf_test_latency.c
index 49bf421c01..406e082e4e 100644
--- a/app/test-crypto-perf/cperf_test_latency.c
+++ b/app/test-crypto-perf/cperf_test_latency.c
@@ -43,15 +43,28 @@ struct priv_op_data {
 static void
 cperf_latency_test_free(struct cperf_latency_ctx *ctx)
 {
-	if (ctx) {
-		if (ctx->sess)
-			rte_cryptodev_sym_session_free(ctx->dev_id, ctx->sess);
-
-		rte_mempool_free(ctx->pool);
+	if (ctx == NULL)
+		return;
 
-		rte_free(ctx->res);
-		rte_free(ctx);
+	if (ctx->sess != NULL) {
+		if (ctx->options->op_type == CPERF_ASYM_MODEX)
+			rte_cryptodev_asym_session_free(ctx->dev_id, ctx->sess);
+#ifdef RTE_LIB_SECURITY
+		else if (ctx->options->op_type == CPERF_PDCP ||
+			 ctx->options->op_type == CPERF_DOCSIS ||
+			 ctx->options->op_type == CPERF_IPSEC) {
+			struct rte_security_ctx *sec_ctx =
+				rte_cryptodev_get_sec_ctx(ctx->dev_id);
+			rte_security_session_destroy(sec_ctx, ctx->sess);
+		}
+#endif
+		else
+			rte_cryptodev_sym_session_free(ctx->dev_id, ctx->sess);
 	}
+
+	rte_mempool_free(ctx->pool);
+	rte_free(ctx->res);
+	rte_free(ctx);
 }
 
 void *
diff --git a/app/test-crypto-perf/cperf_test_verify.c b/app/test-crypto-perf/cperf_test_verify.c
index c03e1d5ba5..8042c94e04 100644
--- a/app/test-crypto-perf/cperf_test_verify.c
+++ b/app/test-crypto-perf/cperf_test_verify.c
@@ -38,14 +38,27 @@ struct cperf_op_result {
 static void
 cperf_verify_test_free(struct cperf_verify_ctx *ctx)
 {
-	if (ctx) {
-		if (ctx->sess)
-			rte_cryptodev_sym_session_free(ctx->dev_id, ctx->sess);
-
-		rte_mempool_free(ctx->pool);
+	if (ctx == NULL)
+		return;
 
-		rte_free(ctx);
+	if (ctx->sess != NULL) {
+		if (ctx->options->op_type == CPERF_ASYM_MODEX)
+			rte_cryptodev_asym_session_free(ctx->dev_id, ctx->sess);
+#ifdef RTE_LIB_SECURITY
+		else if (ctx->options->op_type == CPERF_PDCP ||
+			 ctx->options->op_type == CPERF_DOCSIS ||
+			 ctx->options->op_type == CPERF_IPSEC) {
+			struct rte_security_ctx *sec_ctx =
+				rte_cryptodev_get_sec_ctx(ctx->dev_id);
+			rte_security_session_destroy(sec_ctx, ctx->sess);
+		}
+#endif
+		else
+			rte_cryptodev_sym_session_free(ctx->dev_id, ctx->sess);
 	}
+
+	rte_mempool_free(ctx->pool);
+	rte_free(ctx);
 }
 
 void *
-- 
2.25.1

[PATCH 2/3] app/crypto-perf: fix invalid SPI

[Anoob Joseph]

As per IPsec specification (RFC 4303) SPI zero is reserved. Using
lcore_id directly would mean SPI 0 would also be attempted. This may
lead to failure on an otherwise compliant implementation.

Fixes: 28dde5da503e ("app/crypto-perf: support lookaside IPsec")

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
---
 app/test-crypto-perf/cperf_ops.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c
index 61a3967697..4a1c9feb1c 100644
--- a/app/test-crypto-perf/cperf_ops.c
+++ b/app/test-crypto-perf/cperf_ops.c
@@ -722,7 +722,7 @@ create_ipsec_session(struct rte_mempool *sess_mp,
 		.action_type = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
 		.protocol = RTE_SECURITY_PROTOCOL_IPSEC,
 		{.ipsec = {
-			.spi = rte_lcore_id(),
+			.spi = rte_lcore_id() + 1,
 			/**< For testing sake, lcore_id is taken as SPI so that
 			 * for every core a different session is created.
 			 */
-- 
2.25.1

[PATCH 3/3] app/crypto-perf: fix IPsec direction

[Anoob Joseph]

The default value of options->auth_op & options->cipher_op are such that
an unconditional check for the same would always return true. Hence, the
direction is always determined to be outbound/egress.

The field options->aead_algo should be checked prior to checking above
fields. Since the same check would be required in datapath, introduce a
new flag in options for the same.

Fixes: 28dde5da503e ("app/crypto-perf: support lookaside IPsec")

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
---
 app/test-crypto-perf/cperf_ops.c             | 35 +++++++++++---------
 app/test-crypto-perf/cperf_options.h         |  1 +
 app/test-crypto-perf/cperf_options_parsing.c | 15 +++++++++
 3 files changed, 35 insertions(+), 16 deletions(-)

diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c
index 4a1c9feb1c..93b9bfb240 100644
--- a/app/test-crypto-perf/cperf_ops.c
+++ b/app/test-crypto-perf/cperf_ops.c
@@ -42,8 +42,7 @@ test_ipsec_vec_populate(struct rte_mbuf *m, const struct cperf_options *options,
 {
 	struct rte_ipv4_hdr *ip = rte_pktmbuf_mtod(m, struct rte_ipv4_hdr *);
 
-	if ((options->aead_op == RTE_CRYPTO_AEAD_OP_ENCRYPT) ||
-		(options->cipher_op == RTE_CRYPTO_CIPHER_OP_ENCRYPT)) {
+	if (options->is_outbound) {
 		memcpy(ip, test_vector->plaintext.data,
 		       sizeof(struct rte_ipv4_hdr));
 
@@ -645,8 +644,9 @@ create_ipsec_session(struct rte_mempool *sess_mp,
 		const struct cperf_test_vector *test_vector,
 		uint16_t iv_offset)
 {
-	struct rte_crypto_sym_xform xform = {0};
 	struct rte_crypto_sym_xform auth_xform = {0};
+	struct rte_crypto_sym_xform *crypto_xform;
+	struct rte_crypto_sym_xform xform = {0};
 
 	if (options->aead_algo != 0) {
 		/* Setup AEAD Parameters */
@@ -660,10 +660,10 @@ create_ipsec_session(struct rte_mempool *sess_mp,
 		xform.aead.iv.length = test_vector->aead_iv.length;
 		xform.aead.digest_length = options->digest_sz;
 		xform.aead.aad_length = options->aead_aad_sz;
+		crypto_xform = &xform;
 	} else if (options->cipher_algo != 0 && options->auth_algo != 0) {
 		/* Setup Cipher Parameters */
 		xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
-		xform.next = NULL;
 		xform.cipher.algo = options->cipher_algo;
 		xform.cipher.op = options->cipher_op;
 		xform.cipher.iv.offset = iv_offset;
@@ -680,7 +680,6 @@ create_ipsec_session(struct rte_mempool *sess_mp,
 
 		/* Setup Auth Parameters */
 		auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
-		auth_xform.next = NULL;
 		auth_xform.auth.algo = options->auth_algo;
 		auth_xform.auth.op = options->auth_op;
 		auth_xform.auth.iv.offset = iv_offset +
@@ -699,7 +698,15 @@ create_ipsec_session(struct rte_mempool *sess_mp,
 			auth_xform.auth.iv.length = 0;
 		}
 
-		xform.next = &auth_xform;
+		if (options->is_outbound) {
+			crypto_xform = &xform;
+			xform.next = &auth_xform;
+			auth_xform.next = NULL;
+		} else {
+			crypto_xform = &auth_xform;
+			auth_xform.next = &xform;
+			xform.next = NULL;
+		}
 	} else {
 		return NULL;
 	}
@@ -729,23 +736,19 @@ create_ipsec_session(struct rte_mempool *sess_mp,
 			.salt = CPERF_IPSEC_SALT,
 			.options = { 0 },
 			.replay_win_sz = 0,
-			.direction =
-				((options->cipher_op ==
-					RTE_CRYPTO_CIPHER_OP_ENCRYPT) &&
-				(options->auth_op ==
-					RTE_CRYPTO_AUTH_OP_GENERATE)) ||
-				(options->aead_op ==
-					RTE_CRYPTO_AEAD_OP_ENCRYPT) ?
-				RTE_SECURITY_IPSEC_SA_DIR_EGRESS :
-				RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
 			.proto = RTE_SECURITY_IPSEC_SA_PROTO_ESP,
 			.mode = RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
 			.tunnel = tunnel,
 		} },
 		.userdata = NULL,
-		.crypto_xform = &xform
+		.crypto_xform = crypto_xform,
 	};
 
+	if (options->is_outbound)
+		sess_conf.ipsec.direction = RTE_SECURITY_IPSEC_SA_DIR_EGRESS;
+	else
+		sess_conf.ipsec.direction = RTE_SECURITY_IPSEC_SA_DIR_INGRESS;
+
 	struct rte_security_ctx *ctx = (struct rte_security_ctx *)
 				rte_cryptodev_get_sec_ctx(dev_id);
 
diff --git a/app/test-crypto-perf/cperf_options.h b/app/test-crypto-perf/cperf_options.h
index 613d6d31e2..6966e0b286 100644
--- a/app/test-crypto-perf/cperf_options.h
+++ b/app/test-crypto-perf/cperf_options.h
@@ -105,6 +105,7 @@ struct cperf_options {
 	uint32_t out_of_place:1;
 	uint32_t silent:1;
 	uint32_t csv:1;
+	uint32_t is_outbound:1;
 
 	enum rte_crypto_cipher_algorithm cipher_algo;
 	enum rte_crypto_cipher_operation cipher_op;
diff --git a/app/test-crypto-perf/cperf_options_parsing.c b/app/test-crypto-perf/cperf_options_parsing.c
index bc5e312c81..cb91bcc3c5 100644
--- a/app/test-crypto-perf/cperf_options_parsing.c
+++ b/app/test-crypto-perf/cperf_options_parsing.c
@@ -1318,6 +1318,21 @@ cperf_options_check(struct cperf_options *options)
 		if (check_docsis_buffer_length(options) < 0)
 			return -EINVAL;
 	}
+
+	if (options->op_type == CPERF_IPSEC) {
+		if (options->aead_algo) {
+			if (options->aead_op == RTE_CRYPTO_AEAD_OP_ENCRYPT)
+				options->is_outbound = 1;
+			else
+				options->is_outbound = 0;
+		} else {
+			if (options->cipher_op == RTE_CRYPTO_CIPHER_OP_ENCRYPT &&
+			    options->auth_op == RTE_CRYPTO_AUTH_OP_GENERATE)
+				options->is_outbound = 1;
+			else
+				options->is_outbound = 0;
+		}
+	}
 #endif
 
 	return 0;
-- 
2.25.1

RE: [PATCH 3/3] app/crypto-perf: fix IPsec direction

[Akhil Goyal]

> Subject: [PATCH 3/3] app/crypto-perf: fix IPsec direction
> 
> The default value of options->auth_op & options->cipher_op are such that
> an unconditional check for the same would always return true. Hence, the
> direction is always determined to be outbound/egress.
> 
> The field options->aead_algo should be checked prior to checking above
> fields. Since the same check would be required in datapath, introduce a
> new flag in options for the same.
> 
> Fixes: 28dde5da503e ("app/crypto-perf: support lookaside IPsec")
Cc: stable@dpdk.org

> 
> Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Series Acked-by: Akhil Goyal <gakhil@marvell.com>

Applied to dpdk-next-crypto

Thanks.