DPDK patches and discussions
 help / color / mirror / Atom feed
* [dpdk-dev] [PATCH 1/2] drivers/crypto: fix 18bit PDCP cases with HFN override
@ 2020-06-01 18:02 Akhil Goyal
  2020-06-01 18:02 ` [dpdk-dev] [PATCH 2/2] test/crypto: enable hfn override in PDCP cases Akhil Goyal
  2020-07-06  5:21 ` [dpdk-dev] [PATCH v2 0/3] Updates for HFN in PDCP Akhil Goyal
  0 siblings, 2 replies; 12+ messages in thread
From: Akhil Goyal @ 2020-06-01 18:02 UTC (permalink / raw)
  To: dev; +Cc: hemant.agrawal, Akhil Goyal

In case of RTA_SEC_ERA = 8, where the length of shared desc
is large for some of PDCP cases, the descriptor buffer cannot
hold 2 extra words when HFN override is enabled. As a result,
the descriptor fails.

This patch converts one of the keys from immediate key to
reference key hence reducing the length of the descriptor.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
---
 drivers/common/dpaax/caamflib/desc/pdcp.h   | 44 +++++++++++++++++++++
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c |  8 ++++
 drivers/crypto/dpaa_sec/dpaa_sec.c          | 33 +++-------------
 3 files changed, 58 insertions(+), 27 deletions(-)

diff --git a/drivers/common/dpaax/caamflib/desc/pdcp.h b/drivers/common/dpaax/caamflib/desc/pdcp.h
index b5e2d24e4..99eb0f71a 100644
--- a/drivers/common/dpaax/caamflib/desc/pdcp.h
+++ b/drivers/common/dpaax/caamflib/desc/pdcp.h
@@ -262,6 +262,50 @@ enum pdb_type_e {
 	PDCP_PDB_TYPE_INVALID
 };
 
+/**
+ * rta_inline_pdcp_query() - Provide indications if a key can be passed as
+ *                           immediate data or shall be referenced in a
+ *                           shared descriptor.
+ * Return: 0 if data can be inlined or 1 if referenced.
+ */
+static inline int
+rta_inline_pdcp_query(enum auth_type_pdcp auth_alg,
+		      enum cipher_type_pdcp cipher_alg,
+		      enum pdcp_sn_size sn_size,
+		      int8_t hfn_ovd)
+{
+	/**
+	 * Shared Descriptors for some of the cases does not fit in the
+	 * MAX_DESC_SIZE of the descriptor especially when non-protocol
+	 * descriptors are formed as in 18bit cases and when HFN override
+	 * is enabled as 2 extra words are added in the job descriptor.
+	 * The cases which exceed are for RTA_SEC_ERA=8 and HFN override
+	 * enabled and 18bit uplane and either of following Algo combinations.
+	 * - SNOW-AES
+	 * - AES-SNOW
+	 * - SNOW-SNOW
+	 * - ZUC-SNOW
+	 *
+	 * We cannot make inline for all cases, as this will impact performance
+	 * due to extra memory accesses for the keys.
+	 */
+	if ((rta_sec_era == RTA_SEC_ERA_8) && hfn_ovd &&
+			(sn_size == PDCP_SN_SIZE_18) &&
+			((cipher_alg == PDCP_CIPHER_TYPE_SNOW &&
+				auth_alg == PDCP_AUTH_TYPE_AES) ||
+			(cipher_alg == PDCP_CIPHER_TYPE_AES &&
+				auth_alg == PDCP_AUTH_TYPE_SNOW) ||
+			(cipher_alg == PDCP_CIPHER_TYPE_SNOW &&
+				auth_alg == PDCP_AUTH_TYPE_SNOW) ||
+			(cipher_alg == PDCP_CIPHER_TYPE_ZUC &&
+				auth_alg == PDCP_AUTH_TYPE_SNOW))) {
+
+		return 1;
+	}
+
+	return 0;
+}
+
 /*
  * Function for appending the portion of a PDCP Control Plane shared descriptor
  * which performs NULL encryption and integrity (i.e. copies the input frame
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index 63e7d930a..f59ea52be 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -3156,6 +3156,14 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev *dev,
 		goto out;
 	}
 
+	if (rta_inline_pdcp_query(authdata.algtype,
+				cipherdata.algtype,
+				session->pdcp.sn_size,
+				session->pdcp.hfn_ovd)) {
+		cipherdata.key = DPAA2_VADDR_TO_IOVA(cipherdata.key);
+		cipherdata.key_type = RTA_DATA_PTR;
+	}
+
 	if (pdcp_xform->domain == RTE_SECURITY_PDCP_MODE_CONTROL) {
 		if (session->dir == DIR_ENC)
 			bufsize = cnstr_shdsc_pdcp_c_plane_encap(
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index 66ee0ba0c..2b715632d 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -242,7 +242,6 @@ dpaa_sec_prep_pdcp_cdb(dpaa_sec_session *ses)
 	struct sec_cdb *cdb = &ses->cdb;
 	struct alginfo *p_authdata = NULL;
 	int32_t shared_desc_len = 0;
-	int err;
 #if RTE_BYTE_ORDER == RTE_BIG_ENDIAN
 	int swap = false;
 #else
@@ -256,10 +255,6 @@ dpaa_sec_prep_pdcp_cdb(dpaa_sec_session *ses)
 	cipherdata.algtype = ses->cipher_key.alg;
 	cipherdata.algmode = ses->cipher_key.algmode;
 
-	cdb->sh_desc[0] = cipherdata.keylen;
-	cdb->sh_desc[1] = 0;
-	cdb->sh_desc[2] = 0;
-
 	if (ses->auth_alg) {
 		authdata.key = (size_t)ses->auth_key.data;
 		authdata.keylen = ses->auth_key.length;
@@ -269,33 +264,17 @@ dpaa_sec_prep_pdcp_cdb(dpaa_sec_session *ses)
 		authdata.algmode = ses->auth_key.algmode;
 
 		p_authdata = &authdata;
-
-		cdb->sh_desc[1] = authdata.keylen;
 	}
 
-	err = rta_inline_query(IPSEC_AUTH_VAR_AES_DEC_BASE_DESC_LEN,
-			       MIN_JOB_DESC_SIZE,
-			       (unsigned int *)cdb->sh_desc,
-			       &cdb->sh_desc[2], 2);
-	if (err < 0) {
-		DPAA_SEC_ERR("Crypto: Incorrect key lengths");
-		return err;
-	}
-
-	if (!(cdb->sh_desc[2] & 1) && cipherdata.keylen) {
+	if (rta_inline_pdcp_query(authdata.algtype,
+				cipherdata.algtype,
+				ses->pdcp.sn_size,
+				ses->pdcp.hfn_ovd)) {
 		cipherdata.key =
-			(size_t)rte_dpaa_mem_vtop((void *)(size_t)cipherdata.key);
+			(size_t)rte_dpaa_mem_vtop((void *)
+					(size_t)cipherdata.key);
 		cipherdata.key_type = RTA_DATA_PTR;
 	}
-	if (!(cdb->sh_desc[2] & (1 << 1)) &&  authdata.keylen) {
-		authdata.key =
-			(size_t)rte_dpaa_mem_vtop((void *)(size_t)authdata.key);
-		authdata.key_type = RTA_DATA_PTR;
-	}
-
-	cdb->sh_desc[0] = 0;
-	cdb->sh_desc[1] = 0;
-	cdb->sh_desc[2] = 0;
 
 	if (ses->pdcp.domain == RTE_SECURITY_PDCP_MODE_CONTROL) {
 		if (ses->dir == DIR_ENC)
-- 
2.17.1


^ permalink raw reply	[flat|nested] 12+ messages in thread

* [dpdk-dev] [PATCH 2/2] test/crypto: enable hfn override in PDCP cases
  2020-06-01 18:02 [dpdk-dev] [PATCH 1/2] drivers/crypto: fix 18bit PDCP cases with HFN override Akhil Goyal
@ 2020-06-01 18:02 ` Akhil Goyal
  2020-07-06  5:21 ` [dpdk-dev] [PATCH v2 0/3] Updates for HFN in PDCP Akhil Goyal
  1 sibling, 0 replies; 12+ messages in thread
From: Akhil Goyal @ 2020-06-01 18:02 UTC (permalink / raw)
  To: dev; +Cc: hemant.agrawal, Akhil Goyal

As most of the real woeld use cases need HFN value to
be updated on per packet basis, changing the default
testing with HFN override enabled for all PDCP cases.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
---
 app/test-crypto-perf/cperf_ops.c | 10 +++++++---
 app/test/test_cryptodev.c        | 13 +++++++++++--
 2 files changed, 18 insertions(+), 5 deletions(-)

diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c
index 97584ceed..847982219 100644
--- a/app/test-crypto-perf/cperf_ops.c
+++ b/app/test-crypto-perf/cperf_ops.c
@@ -25,6 +25,10 @@ cperf_set_ops_security(struct rte_crypto_op **ops,
 		struct rte_security_session *sec_sess =
 			(struct rte_security_session *)sess;
 
+		uint32_t *per_pkt_hfn = rte_crypto_op_ctod_offset(ops[i],
+					uint32_t *, iv_offset);
+		*per_pkt_hfn = 0x1;
+
 		ops[i]->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED;
 		rte_security_attach_session(ops[i], sec_sess);
 		sym_op->m_src = (struct rte_mbuf *)((uint8_t *)ops[i] +
@@ -529,16 +533,15 @@ cperf_create_session(struct rte_mempool *sess_mp,
 		cipher_xform.cipher.algo = options->cipher_algo;
 		cipher_xform.cipher.op = options->cipher_op;
 		cipher_xform.cipher.iv.offset = iv_offset;
+		cipher_xform.cipher.iv.length = 4;
 
 		/* cipher different than null */
 		if (options->cipher_algo != RTE_CRYPTO_CIPHER_NULL) {
 			cipher_xform.cipher.key.data = test_vector->cipher_key.data;
 			cipher_xform.cipher.key.length = test_vector->cipher_key.length;
-			cipher_xform.cipher.iv.length = test_vector->cipher_iv.length;
 		} else {
 			cipher_xform.cipher.key.data = NULL;
 			cipher_xform.cipher.key.length = 0;
-			cipher_xform.cipher.iv.length = 0;
 		}
 
 		/* Setup Auth Parameters */
@@ -576,8 +579,9 @@ cperf_create_session(struct rte_mempool *sess_mp,
 				.domain = options->pdcp_domain,
 				.pkt_dir = 0,
 				.sn_size = options->pdcp_sn_sz,
-				.hfn = 0x1,
+				.hfn = 0x0,
 				.hfn_threshold = 0x70C0A,
+				.hfn_ovrd = 1,
 			} },
 			.crypto_xform = &cipher_xform
 		};
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 8f631468b..f4ed89c1c 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -7385,7 +7385,8 @@ test_pdcp_proto_SGL(int i, int oop,
 	ut_params->cipher_xform.cipher.key.data = pdcp_test_crypto_key[i];
 	ut_params->cipher_xform.cipher.key.length =
 					pdcp_test_params[i].cipher_key_len;
-	ut_params->cipher_xform.cipher.iv.length = 0;
+	ut_params->cipher_xform.cipher.iv.length = 4;
+	ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET;
 
 	/* Setup HMAC Parameters if ICV header is required */
 	if (pdcp_test_params[i].auth_alg != 0) {
@@ -7410,8 +7411,12 @@ test_pdcp_proto_SGL(int i, int oop,
 			.domain = pdcp_test_params[i].domain,
 			.pkt_dir = pdcp_test_packet_direction[i],
 			.sn_size = pdcp_test_data_sn_size[i],
-			.hfn = pdcp_test_hfn[i],
+			.hfn = 0, /**
+				   * hfn can be set as pdcp_test_hfn[i]
+				   * if hfn_ovrd is not set
+				   */
 			.hfn_threshold = pdcp_test_hfn_threshold[i],
+			.hfn_ovrd = 1,
 		} },
 		.crypto_xform = &ut_params->cipher_xform
 	};
@@ -7438,6 +7443,10 @@ test_pdcp_proto_SGL(int i, int oop,
 		goto on_err;
 	}
 
+	uint32_t *per_pkt_hfn = rte_crypto_op_ctod_offset(ut_params->op,
+					uint32_t *, IV_OFFSET);
+	*per_pkt_hfn = pdcp_test_hfn[i];
+
 	rte_security_attach_session(ut_params->op, ut_params->sec_session);
 
 	/* set crypto operation source mbuf */
-- 
2.17.1


^ permalink raw reply	[flat|nested] 12+ messages in thread

* [dpdk-dev] [PATCH v2 0/3] Updates for HFN in PDCP
  2020-06-01 18:02 [dpdk-dev] [PATCH 1/2] drivers/crypto: fix 18bit PDCP cases with HFN override Akhil Goyal
  2020-06-01 18:02 ` [dpdk-dev] [PATCH 2/2] test/crypto: enable hfn override in PDCP cases Akhil Goyal
@ 2020-07-06  5:21 ` Akhil Goyal
  2020-07-06  5:21   ` [dpdk-dev] [PATCH v2 1/3] drivers/crypto: fix 18bit PDCP cases with HFN override Akhil Goyal
                     ` (3 more replies)
  1 sibling, 4 replies; 12+ messages in thread
From: Akhil Goyal @ 2020-07-06  5:21 UTC (permalink / raw)
  To: dev; +Cc: hemant.agrawal, Akhil Goyal

Changes in v2:
updated test and test-crypto-perf for better test coverage
to include both HFN override and per session HFN in testing.


Akhil Goyal (3):
  drivers/crypto: fix 18bit PDCP cases with HFN override
  test/crypto: update PDCP HFN scenarios
  test/crypto-perf: add option to enable session HFN

 app/test-crypto-perf/cperf_ops.c             | 11 +++--
 app/test-crypto-perf/cperf_options.h         |  3 ++
 app/test-crypto-perf/cperf_options_parsing.c | 13 ++++++
 app/test/test_cryptodev.c                    | 20 ++++++++-
 doc/guides/tools/cryptoperf.rst              |  4 ++
 drivers/common/dpaax/caamflib/desc/pdcp.h    | 44 ++++++++++++++++++++
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c  |  8 ++++
 drivers/crypto/dpaa_sec/dpaa_sec.c           | 33 +++------------
 8 files changed, 104 insertions(+), 32 deletions(-)

-- 
2.17.1


^ permalink raw reply	[flat|nested] 12+ messages in thread

* [dpdk-dev] [PATCH v2 1/3] drivers/crypto: fix 18bit PDCP cases with HFN override
  2020-07-06  5:21 ` [dpdk-dev] [PATCH v2 0/3] Updates for HFN in PDCP Akhil Goyal
@ 2020-07-06  5:21   ` Akhil Goyal
  2020-07-06  5:36     ` [dpdk-dev] [PATCH v3 0/3] Updates for HFN in PDCP Akhil Goyal
  2020-07-06  5:21   ` [dpdk-dev] [PATCH v2 2/3] test/crypto: update PDCP HFN scenarios Akhil Goyal
                     ` (2 subsequent siblings)
  3 siblings, 1 reply; 12+ messages in thread
From: Akhil Goyal @ 2020-07-06  5:21 UTC (permalink / raw)
  To: dev; +Cc: hemant.agrawal, Akhil Goyal

In case of RTA_SEC_ERA = 8, where the length of shared desc
is large for some of PDCP cases, the descriptor buffer cannot
hold 2 extra words when HFN override is enabled. As a result,
the descriptor fails.

This patch converts one of the keys from immediate key to
reference key hence reducing the length of the descriptor.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
---
 drivers/common/dpaax/caamflib/desc/pdcp.h   | 44 +++++++++++++++++++++
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c |  8 ++++
 drivers/crypto/dpaa_sec/dpaa_sec.c          | 33 +++-------------
 3 files changed, 58 insertions(+), 27 deletions(-)

diff --git a/drivers/common/dpaax/caamflib/desc/pdcp.h b/drivers/common/dpaax/caamflib/desc/pdcp.h
index b5e2d24e4..99eb0f71a 100644
--- a/drivers/common/dpaax/caamflib/desc/pdcp.h
+++ b/drivers/common/dpaax/caamflib/desc/pdcp.h
@@ -262,6 +262,50 @@ enum pdb_type_e {
 	PDCP_PDB_TYPE_INVALID
 };
 
+/**
+ * rta_inline_pdcp_query() - Provide indications if a key can be passed as
+ *                           immediate data or shall be referenced in a
+ *                           shared descriptor.
+ * Return: 0 if data can be inlined or 1 if referenced.
+ */
+static inline int
+rta_inline_pdcp_query(enum auth_type_pdcp auth_alg,
+		      enum cipher_type_pdcp cipher_alg,
+		      enum pdcp_sn_size sn_size,
+		      int8_t hfn_ovd)
+{
+	/**
+	 * Shared Descriptors for some of the cases does not fit in the
+	 * MAX_DESC_SIZE of the descriptor especially when non-protocol
+	 * descriptors are formed as in 18bit cases and when HFN override
+	 * is enabled as 2 extra words are added in the job descriptor.
+	 * The cases which exceed are for RTA_SEC_ERA=8 and HFN override
+	 * enabled and 18bit uplane and either of following Algo combinations.
+	 * - SNOW-AES
+	 * - AES-SNOW
+	 * - SNOW-SNOW
+	 * - ZUC-SNOW
+	 *
+	 * We cannot make inline for all cases, as this will impact performance
+	 * due to extra memory accesses for the keys.
+	 */
+	if ((rta_sec_era == RTA_SEC_ERA_8) && hfn_ovd &&
+			(sn_size == PDCP_SN_SIZE_18) &&
+			((cipher_alg == PDCP_CIPHER_TYPE_SNOW &&
+				auth_alg == PDCP_AUTH_TYPE_AES) ||
+			(cipher_alg == PDCP_CIPHER_TYPE_AES &&
+				auth_alg == PDCP_AUTH_TYPE_SNOW) ||
+			(cipher_alg == PDCP_CIPHER_TYPE_SNOW &&
+				auth_alg == PDCP_AUTH_TYPE_SNOW) ||
+			(cipher_alg == PDCP_CIPHER_TYPE_ZUC &&
+				auth_alg == PDCP_AUTH_TYPE_SNOW))) {
+
+		return 1;
+	}
+
+	return 0;
+}
+
 /*
  * Function for appending the portion of a PDCP Control Plane shared descriptor
  * which performs NULL encryption and integrity (i.e. copies the input frame
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index 12f833136..60fdced78 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -3154,6 +3154,14 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev *dev,
 		goto out;
 	}
 
+	if (rta_inline_pdcp_query(authdata.algtype,
+				cipherdata.algtype,
+				session->pdcp.sn_size,
+				session->pdcp.hfn_ovd)) {
+		cipherdata.key = DPAA2_VADDR_TO_IOVA(cipherdata.key);
+		cipherdata.key_type = RTA_DATA_PTR;
+	}
+
 	if (pdcp_xform->domain == RTE_SECURITY_PDCP_MODE_CONTROL) {
 		if (session->dir == DIR_ENC)
 			bufsize = cnstr_shdsc_pdcp_c_plane_encap(
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index d9fa8bb36..01e79c8ea 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -240,7 +240,6 @@ dpaa_sec_prep_pdcp_cdb(dpaa_sec_session *ses)
 	struct sec_cdb *cdb = &ses->cdb;
 	struct alginfo *p_authdata = NULL;
 	int32_t shared_desc_len = 0;
-	int err;
 #if RTE_BYTE_ORDER == RTE_BIG_ENDIAN
 	int swap = false;
 #else
@@ -254,10 +253,6 @@ dpaa_sec_prep_pdcp_cdb(dpaa_sec_session *ses)
 	cipherdata.algtype = ses->cipher_key.alg;
 	cipherdata.algmode = ses->cipher_key.algmode;
 
-	cdb->sh_desc[0] = cipherdata.keylen;
-	cdb->sh_desc[1] = 0;
-	cdb->sh_desc[2] = 0;
-
 	if (ses->auth_alg) {
 		authdata.key = (size_t)ses->auth_key.data;
 		authdata.keylen = ses->auth_key.length;
@@ -267,33 +262,17 @@ dpaa_sec_prep_pdcp_cdb(dpaa_sec_session *ses)
 		authdata.algmode = ses->auth_key.algmode;
 
 		p_authdata = &authdata;
-
-		cdb->sh_desc[1] = authdata.keylen;
 	}
 
-	err = rta_inline_query(IPSEC_AUTH_VAR_AES_DEC_BASE_DESC_LEN,
-			       MIN_JOB_DESC_SIZE,
-			       (unsigned int *)cdb->sh_desc,
-			       &cdb->sh_desc[2], 2);
-	if (err < 0) {
-		DPAA_SEC_ERR("Crypto: Incorrect key lengths");
-		return err;
-	}
-
-	if (!(cdb->sh_desc[2] & 1) && cipherdata.keylen) {
+	if (rta_inline_pdcp_query(authdata.algtype,
+				cipherdata.algtype,
+				ses->pdcp.sn_size,
+				ses->pdcp.hfn_ovd)) {
 		cipherdata.key =
-			(size_t)rte_dpaa_mem_vtop((void *)(size_t)cipherdata.key);
+			(size_t)rte_dpaa_mem_vtop((void *)
+					(size_t)cipherdata.key);
 		cipherdata.key_type = RTA_DATA_PTR;
 	}
-	if (!(cdb->sh_desc[2] & (1 << 1)) &&  authdata.keylen) {
-		authdata.key =
-			(size_t)rte_dpaa_mem_vtop((void *)(size_t)authdata.key);
-		authdata.key_type = RTA_DATA_PTR;
-	}
-
-	cdb->sh_desc[0] = 0;
-	cdb->sh_desc[1] = 0;
-	cdb->sh_desc[2] = 0;
 
 	if (ses->pdcp.domain == RTE_SECURITY_PDCP_MODE_CONTROL) {
 		if (ses->dir == DIR_ENC)
-- 
2.17.1


^ permalink raw reply	[flat|nested] 12+ messages in thread

* [dpdk-dev] [PATCH v2 2/3] test/crypto: update PDCP HFN scenarios
  2020-07-06  5:21 ` [dpdk-dev] [PATCH v2 0/3] Updates for HFN in PDCP Akhil Goyal
  2020-07-06  5:21   ` [dpdk-dev] [PATCH v2 1/3] drivers/crypto: fix 18bit PDCP cases with HFN override Akhil Goyal
@ 2020-07-06  5:21   ` Akhil Goyal
  2020-07-06  5:21   ` [dpdk-dev] [PATCH v2 3/3] test/crypto-perf: add option to enable session HFN Akhil Goyal
  2020-07-06  5:45   ` [dpdk-dev] [PATCH v2 0/3] Updates for HFN in PDCP Hemant Agrawal
  3 siblings, 0 replies; 12+ messages in thread
From: Akhil Goyal @ 2020-07-06  5:21 UTC (permalink / raw)
  To: dev; +Cc: hemant.agrawal, Akhil Goyal

As per current framework of PDCP testing, app can only support
either HFN override or fixed session HFN values but not both.
Now to enable both, either we duplicate all PDCP cases(>100)
for both override and fixed HFN. It will look clumsy as the
number of cases will be very high without much value addition.

Now to overcome this, we can do HFN override for Downlink cases
and fixed HFN for uplink cases. This way we will not loose the
test coverage and there will not be duplicacy in the test cases.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
---
 app/test/test_cryptodev.c | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index f1c11bcd8..81af592d0 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -7418,7 +7418,9 @@ test_pdcp_proto_SGL(int i, int oop,
 	ut_params->cipher_xform.cipher.key.data = pdcp_test_crypto_key[i];
 	ut_params->cipher_xform.cipher.key.length =
 					pdcp_test_params[i].cipher_key_len;
-	ut_params->cipher_xform.cipher.iv.length = 0;
+	ut_params->cipher_xform.cipher.iv.length =
+				pdcp_test_packet_direction[i] ? 4 : 0;
+	ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET;
 
 	/* Setup HMAC Parameters if ICV header is required */
 	if (pdcp_test_params[i].auth_alg != 0) {
@@ -7443,8 +7445,18 @@ test_pdcp_proto_SGL(int i, int oop,
 			.domain = pdcp_test_params[i].domain,
 			.pkt_dir = pdcp_test_packet_direction[i],
 			.sn_size = pdcp_test_data_sn_size[i],
-			.hfn = pdcp_test_hfn[i],
+			.hfn = pdcp_test_packet_direction[i] ?
+				0 : pdcp_test_hfn[i],
+				/**
+				  * hfn can be set as pdcp_test_hfn[i]
+				  * if hfn_ovrd is not set. Here, PDCP
+				  * packet direction is just used to
+				  * run half of the cases with session
+				  * HFN and other half with per packet
+				  * HFN.
+				  */
 			.hfn_threshold = pdcp_test_hfn_threshold[i],
+			.hfn_ovrd = pdcp_test_packet_direction[i] ? 1 : 0,
 		} },
 		.crypto_xform = &ut_params->cipher_xform
 	};
@@ -7471,6 +7483,10 @@ test_pdcp_proto_SGL(int i, int oop,
 		goto on_err;
 	}
 
+	uint32_t *per_pkt_hfn = rte_crypto_op_ctod_offset(ut_params->op,
+					uint32_t *, IV_OFFSET);
+	*per_pkt_hfn = pdcp_test_packet_direction[i] ? pdcp_test_hfn[i] : 0;
+
 	rte_security_attach_session(ut_params->op, ut_params->sec_session);
 
 	/* set crypto operation source mbuf */
-- 
2.17.1


^ permalink raw reply	[flat|nested] 12+ messages in thread

* [dpdk-dev] [PATCH v2 3/3] test/crypto-perf: add option to enable session HFN
  2020-07-06  5:21 ` [dpdk-dev] [PATCH v2 0/3] Updates for HFN in PDCP Akhil Goyal
  2020-07-06  5:21   ` [dpdk-dev] [PATCH v2 1/3] drivers/crypto: fix 18bit PDCP cases with HFN override Akhil Goyal
  2020-07-06  5:21   ` [dpdk-dev] [PATCH v2 2/3] test/crypto: update PDCP HFN scenarios Akhil Goyal
@ 2020-07-06  5:21   ` Akhil Goyal
  2020-07-06  5:45   ` [dpdk-dev] [PATCH v2 0/3] Updates for HFN in PDCP Hemant Agrawal
  3 siblings, 0 replies; 12+ messages in thread
From: Akhil Goyal @ 2020-07-06  5:21 UTC (permalink / raw)
  To: dev; +Cc: hemant.agrawal, Akhil Goyal

Add a new option for PDCP cases to enable use of session
based fixed HFN value instead of per packet HFN which was
enabled by hfn override feature.
By default HFN override is enabled and if session based
fixed HFN need to be tested, add "--pdcp-ses-hfn-en" in the
command line.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
---
 app/test-crypto-perf/cperf_ops.c             | 11 ++++++++---
 app/test-crypto-perf/cperf_options.h         |  3 +++
 app/test-crypto-perf/cperf_options_parsing.c | 13 +++++++++++++
 doc/guides/tools/cryptoperf.rst              |  4 ++++
 4 files changed, 28 insertions(+), 3 deletions(-)

diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c
index e06b59f55..f851509ec 100644
--- a/app/test-crypto-perf/cperf_ops.c
+++ b/app/test-crypto-perf/cperf_ops.c
@@ -26,6 +26,10 @@ cperf_set_ops_security(struct rte_crypto_op **ops,
 			(struct rte_security_session *)sess;
 		uint32_t buf_sz;
 
+		uint32_t *per_pkt_hfn = rte_crypto_op_ctod_offset(ops[i],
+					uint32_t *, iv_offset);
+		*per_pkt_hfn = options->pdcp_ses_hfn_en ? 0 : PDCP_DEFAULT_HFN;
+
 		ops[i]->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED;
 		rte_security_attach_session(ops[i], sec_sess);
 		sym_op->m_src = (struct rte_mbuf *)((uint8_t *)ops[i] +
@@ -554,16 +558,15 @@ cperf_create_session(struct rte_mempool *sess_mp,
 		cipher_xform.cipher.algo = options->cipher_algo;
 		cipher_xform.cipher.op = options->cipher_op;
 		cipher_xform.cipher.iv.offset = iv_offset;
+		cipher_xform.cipher.iv.length = 4;
 
 		/* cipher different than null */
 		if (options->cipher_algo != RTE_CRYPTO_CIPHER_NULL) {
 			cipher_xform.cipher.key.data = test_vector->cipher_key.data;
 			cipher_xform.cipher.key.length = test_vector->cipher_key.length;
-			cipher_xform.cipher.iv.length = test_vector->cipher_iv.length;
 		} else {
 			cipher_xform.cipher.key.data = NULL;
 			cipher_xform.cipher.key.length = 0;
-			cipher_xform.cipher.iv.length = 0;
 		}
 
 		/* Setup Auth Parameters */
@@ -601,8 +604,10 @@ cperf_create_session(struct rte_mempool *sess_mp,
 				.domain = options->pdcp_domain,
 				.pkt_dir = 0,
 				.sn_size = options->pdcp_sn_sz,
-				.hfn = 0x1,
+				.hfn = options->pdcp_ses_hfn_en ?
+					PDCP_DEFAULT_HFN : 0,
 				.hfn_threshold = 0x70C0A,
+				.hfn_ovrd = !(options->pdcp_ses_hfn_en),
 			} },
 			.crypto_xform = &cipher_xform
 		};
diff --git a/app/test-crypto-perf/cperf_options.h b/app/test-crypto-perf/cperf_options.h
index e5f1edffc..256fabb07 100644
--- a/app/test-crypto-perf/cperf_options.h
+++ b/app/test-crypto-perf/cperf_options.h
@@ -50,6 +50,8 @@
 #ifdef RTE_LIBRTE_SECURITY
 #define CPERF_PDCP_SN_SZ	("pdcp-sn-sz")
 #define CPERF_PDCP_DOMAIN	("pdcp-domain")
+#define CPERF_PDCP_SES_HFN_EN	("pdcp-ses-hfn-en")
+#define PDCP_DEFAULT_HFN	0x1
 #define CPERF_DOCSIS_HDR_SZ	("docsis-hdr-sz")
 #endif
 
@@ -123,6 +125,7 @@ struct cperf_options {
 
 #ifdef RTE_LIBRTE_SECURITY
 	uint16_t pdcp_sn_sz;
+	uint16_t pdcp_ses_hfn_en;
 	enum rte_security_pdcp_domain pdcp_domain;
 	uint16_t docsis_hdr_sz;
 #endif
diff --git a/app/test-crypto-perf/cperf_options_parsing.c b/app/test-crypto-perf/cperf_options_parsing.c
index 20577a144..44aa7f925 100644
--- a/app/test-crypto-perf/cperf_options_parsing.c
+++ b/app/test-crypto-perf/cperf_options_parsing.c
@@ -58,6 +58,9 @@ usage(char *progname)
 		"           and dequeue in pmd-cyclecount benchmarking mode\n"
 		" --csv-friendly: enable test result output CSV friendly\n"
 #ifdef RTE_LIBRTE_SECURITY
+		" --pdcp-sn-sz N: set PDCP SN size N <5/7/12/15/18>\n"
+		" --pdcp-domain DOMAIN: set PDCP domain <control/user>\n"
+		" --pdcp-ses-hfn-en: enable session based fixed HFN\n"
 		" --docsis-hdr-sz: set DOCSIS header size\n"
 #endif
 		" -h: prints this help\n",
@@ -834,6 +837,7 @@ static struct option lgopts[] = {
 #ifdef RTE_LIBRTE_SECURITY
 	{ CPERF_PDCP_SN_SZ, required_argument, 0, 0 },
 	{ CPERF_PDCP_DOMAIN, required_argument, 0, 0 },
+	{ CPERF_PDCP_SES_HFN_EN, no_argument, 0, 0 },
 	{ CPERF_DOCSIS_HDR_SZ, required_argument, 0, 0 },
 #endif
 	{ CPERF_CSV, no_argument, 0, 0},
@@ -905,6 +909,7 @@ cperf_options_default(struct cperf_options *opts)
 #ifdef RTE_LIBRTE_SECURITY
 	opts->pdcp_sn_sz = 12;
 	opts->pdcp_domain = RTE_SECURITY_PDCP_MODE_CONTROL;
+	opts->pdcp_ses_hfn_en = 0;
 	opts->docsis_hdr_sz = 17;
 #endif
 }
@@ -945,6 +950,7 @@ cperf_opts_parse_long(int opt_idx, struct cperf_options *opts)
 #ifdef RTE_LIBRTE_SECURITY
 		{ CPERF_PDCP_SN_SZ,	parse_pdcp_sn_sz },
 		{ CPERF_PDCP_DOMAIN,	parse_pdcp_domain },
+		{ CPERF_PDCP_SES_HFN_EN,	parse_pdcp_ses_hfn_en },
 		{ CPERF_DOCSIS_HDR_SZ,	parse_docsis_hdr_sz },
 #endif
 		{ CPERF_CSV,		parse_csv_friendly},
@@ -1079,6 +1085,13 @@ check_docsis_buffer_length(struct cperf_options *options)
 
 	return 0;
 }
+
+static int
+parse_pdcp_ses_hfn_en(struct cperf_options *opts, const char *arg __rte_unused)
+{
+	opts->pdcp_ses_hfn_en = 1;
+	return 0;
+}
 #endif
 
 int
diff --git a/doc/guides/tools/cryptoperf.rst b/doc/guides/tools/cryptoperf.rst
index a8df8bc99..28b729dbd 100644
--- a/doc/guides/tools/cryptoperf.rst
+++ b/doc/guides/tools/cryptoperf.rst
@@ -347,6 +347,10 @@ The following are the application command-line options:
 
         Set DOCSIS header size(n) in bytes.
 
+* ``--pdcp-ses-hfn-en``
+
+        Enable fixed session based HFN instead of per packet HFN.
+
 Test Vector File
 ~~~~~~~~~~~~~~~~
 
-- 
2.17.1


^ permalink raw reply	[flat|nested] 12+ messages in thread

* [dpdk-dev] [PATCH v3 0/3] Updates for HFN in PDCP
  2020-07-06  5:21   ` [dpdk-dev] [PATCH v2 1/3] drivers/crypto: fix 18bit PDCP cases with HFN override Akhil Goyal
@ 2020-07-06  5:36     ` Akhil Goyal
  2020-07-06  5:36       ` [dpdk-dev] [PATCH v3 1/3] drivers/crypto: fix 18bit PDCP cases with HFN override Akhil Goyal
                         ` (3 more replies)
  0 siblings, 4 replies; 12+ messages in thread
From: Akhil Goyal @ 2020-07-06  5:36 UTC (permalink / raw)
  To: dev; +Cc: hemant.agrawal, Akhil Goyal

changes in v3:
- fix checkpatch warning
- changes were accidently done in test_pdcp_proto_SGL instead of
test_pdcp_proto. Fixed.

Changes in v2:
updated test and test-crypto-perf for better test coverage
to include both HFN override and per session HFN in testing.


*** BLURB HERE ***

Akhil Goyal (3):
  drivers/crypto: fix 18bit PDCP cases with HFN override
  test/crypto: update PDCP HFN scenarios
  test/crypto-perf: add option to enable session HFN

 app/test-crypto-perf/cperf_ops.c             | 11 +++--
 app/test-crypto-perf/cperf_options.h         |  3 ++
 app/test-crypto-perf/cperf_options_parsing.c | 13 ++++++
 app/test/test_cryptodev.c                    | 21 +++++++++-
 doc/guides/tools/cryptoperf.rst              |  4 ++
 drivers/common/dpaax/caamflib/desc/pdcp.h    | 44 ++++++++++++++++++++
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c  |  8 ++++
 drivers/crypto/dpaa_sec/dpaa_sec.c           | 33 +++------------
 8 files changed, 105 insertions(+), 32 deletions(-)

-- 
2.17.1


^ permalink raw reply	[flat|nested] 12+ messages in thread

* [dpdk-dev] [PATCH v3 1/3] drivers/crypto: fix 18bit PDCP cases with HFN override
  2020-07-06  5:36     ` [dpdk-dev] [PATCH v3 0/3] Updates for HFN in PDCP Akhil Goyal
@ 2020-07-06  5:36       ` Akhil Goyal
  2020-07-06  5:36       ` [dpdk-dev] [PATCH v3 2/3] test/crypto: update PDCP HFN scenarios Akhil Goyal
                         ` (2 subsequent siblings)
  3 siblings, 0 replies; 12+ messages in thread
From: Akhil Goyal @ 2020-07-06  5:36 UTC (permalink / raw)
  To: dev; +Cc: hemant.agrawal, Akhil Goyal

In case of RTA_SEC_ERA = 8, where the length of shared desc
is large for some of PDCP cases, the descriptor buffer cannot
hold 2 extra words when HFN override is enabled. As a result,
the descriptor fails.

This patch converts one of the keys from immediate key to
reference key hence reducing the length of the descriptor.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
---
 drivers/common/dpaax/caamflib/desc/pdcp.h   | 44 +++++++++++++++++++++
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c |  8 ++++
 drivers/crypto/dpaa_sec/dpaa_sec.c          | 33 +++-------------
 3 files changed, 58 insertions(+), 27 deletions(-)

diff --git a/drivers/common/dpaax/caamflib/desc/pdcp.h b/drivers/common/dpaax/caamflib/desc/pdcp.h
index b5e2d24e4..99eb0f71a 100644
--- a/drivers/common/dpaax/caamflib/desc/pdcp.h
+++ b/drivers/common/dpaax/caamflib/desc/pdcp.h
@@ -262,6 +262,50 @@ enum pdb_type_e {
 	PDCP_PDB_TYPE_INVALID
 };
 
+/**
+ * rta_inline_pdcp_query() - Provide indications if a key can be passed as
+ *                           immediate data or shall be referenced in a
+ *                           shared descriptor.
+ * Return: 0 if data can be inlined or 1 if referenced.
+ */
+static inline int
+rta_inline_pdcp_query(enum auth_type_pdcp auth_alg,
+		      enum cipher_type_pdcp cipher_alg,
+		      enum pdcp_sn_size sn_size,
+		      int8_t hfn_ovd)
+{
+	/**
+	 * Shared Descriptors for some of the cases does not fit in the
+	 * MAX_DESC_SIZE of the descriptor especially when non-protocol
+	 * descriptors are formed as in 18bit cases and when HFN override
+	 * is enabled as 2 extra words are added in the job descriptor.
+	 * The cases which exceed are for RTA_SEC_ERA=8 and HFN override
+	 * enabled and 18bit uplane and either of following Algo combinations.
+	 * - SNOW-AES
+	 * - AES-SNOW
+	 * - SNOW-SNOW
+	 * - ZUC-SNOW
+	 *
+	 * We cannot make inline for all cases, as this will impact performance
+	 * due to extra memory accesses for the keys.
+	 */
+	if ((rta_sec_era == RTA_SEC_ERA_8) && hfn_ovd &&
+			(sn_size == PDCP_SN_SIZE_18) &&
+			((cipher_alg == PDCP_CIPHER_TYPE_SNOW &&
+				auth_alg == PDCP_AUTH_TYPE_AES) ||
+			(cipher_alg == PDCP_CIPHER_TYPE_AES &&
+				auth_alg == PDCP_AUTH_TYPE_SNOW) ||
+			(cipher_alg == PDCP_CIPHER_TYPE_SNOW &&
+				auth_alg == PDCP_AUTH_TYPE_SNOW) ||
+			(cipher_alg == PDCP_CIPHER_TYPE_ZUC &&
+				auth_alg == PDCP_AUTH_TYPE_SNOW))) {
+
+		return 1;
+	}
+
+	return 0;
+}
+
 /*
  * Function for appending the portion of a PDCP Control Plane shared descriptor
  * which performs NULL encryption and integrity (i.e. copies the input frame
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index 12f833136..60fdced78 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -3154,6 +3154,14 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev *dev,
 		goto out;
 	}
 
+	if (rta_inline_pdcp_query(authdata.algtype,
+				cipherdata.algtype,
+				session->pdcp.sn_size,
+				session->pdcp.hfn_ovd)) {
+		cipherdata.key = DPAA2_VADDR_TO_IOVA(cipherdata.key);
+		cipherdata.key_type = RTA_DATA_PTR;
+	}
+
 	if (pdcp_xform->domain == RTE_SECURITY_PDCP_MODE_CONTROL) {
 		if (session->dir == DIR_ENC)
 			bufsize = cnstr_shdsc_pdcp_c_plane_encap(
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index d9fa8bb36..01e79c8ea 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -240,7 +240,6 @@ dpaa_sec_prep_pdcp_cdb(dpaa_sec_session *ses)
 	struct sec_cdb *cdb = &ses->cdb;
 	struct alginfo *p_authdata = NULL;
 	int32_t shared_desc_len = 0;
-	int err;
 #if RTE_BYTE_ORDER == RTE_BIG_ENDIAN
 	int swap = false;
 #else
@@ -254,10 +253,6 @@ dpaa_sec_prep_pdcp_cdb(dpaa_sec_session *ses)
 	cipherdata.algtype = ses->cipher_key.alg;
 	cipherdata.algmode = ses->cipher_key.algmode;
 
-	cdb->sh_desc[0] = cipherdata.keylen;
-	cdb->sh_desc[1] = 0;
-	cdb->sh_desc[2] = 0;
-
 	if (ses->auth_alg) {
 		authdata.key = (size_t)ses->auth_key.data;
 		authdata.keylen = ses->auth_key.length;
@@ -267,33 +262,17 @@ dpaa_sec_prep_pdcp_cdb(dpaa_sec_session *ses)
 		authdata.algmode = ses->auth_key.algmode;
 
 		p_authdata = &authdata;
-
-		cdb->sh_desc[1] = authdata.keylen;
 	}
 
-	err = rta_inline_query(IPSEC_AUTH_VAR_AES_DEC_BASE_DESC_LEN,
-			       MIN_JOB_DESC_SIZE,
-			       (unsigned int *)cdb->sh_desc,
-			       &cdb->sh_desc[2], 2);
-	if (err < 0) {
-		DPAA_SEC_ERR("Crypto: Incorrect key lengths");
-		return err;
-	}
-
-	if (!(cdb->sh_desc[2] & 1) && cipherdata.keylen) {
+	if (rta_inline_pdcp_query(authdata.algtype,
+				cipherdata.algtype,
+				ses->pdcp.sn_size,
+				ses->pdcp.hfn_ovd)) {
 		cipherdata.key =
-			(size_t)rte_dpaa_mem_vtop((void *)(size_t)cipherdata.key);
+			(size_t)rte_dpaa_mem_vtop((void *)
+					(size_t)cipherdata.key);
 		cipherdata.key_type = RTA_DATA_PTR;
 	}
-	if (!(cdb->sh_desc[2] & (1 << 1)) &&  authdata.keylen) {
-		authdata.key =
-			(size_t)rte_dpaa_mem_vtop((void *)(size_t)authdata.key);
-		authdata.key_type = RTA_DATA_PTR;
-	}
-
-	cdb->sh_desc[0] = 0;
-	cdb->sh_desc[1] = 0;
-	cdb->sh_desc[2] = 0;
 
 	if (ses->pdcp.domain == RTE_SECURITY_PDCP_MODE_CONTROL) {
 		if (ses->dir == DIR_ENC)
-- 
2.17.1


^ permalink raw reply	[flat|nested] 12+ messages in thread

* [dpdk-dev] [PATCH v3 2/3] test/crypto: update PDCP HFN scenarios
  2020-07-06  5:36     ` [dpdk-dev] [PATCH v3 0/3] Updates for HFN in PDCP Akhil Goyal
  2020-07-06  5:36       ` [dpdk-dev] [PATCH v3 1/3] drivers/crypto: fix 18bit PDCP cases with HFN override Akhil Goyal
@ 2020-07-06  5:36       ` Akhil Goyal
  2020-07-06  5:36       ` [dpdk-dev] [PATCH v3 3/3] test/crypto-perf: add option to enable session HFN Akhil Goyal
  2020-07-06  5:57       ` [dpdk-dev] [PATCH v3 0/3] Updates for HFN in PDCP Akhil Goyal
  3 siblings, 0 replies; 12+ messages in thread
From: Akhil Goyal @ 2020-07-06  5:36 UTC (permalink / raw)
  To: dev; +Cc: hemant.agrawal, Akhil Goyal

As per current framework of PDCP testing, app can only support
either HFN override or fixed session HFN values but not both.
Now to enable both, either we duplicate all PDCP cases(>100)
for both override and fixed HFN. It will look clumsy as the
number of cases will be very high without much value addition.

Now to overcome this, we can do HFN override for Downlink cases
and fixed HFN for uplink cases. This way we will not loose the
test coverage and there will not be duplicacy in the test cases.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
---
 app/test/test_cryptodev.c | 21 +++++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index f1c11bcd8..d63958ddd 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -7161,7 +7161,9 @@ test_pdcp_proto(int i, int oop,
 	ut_params->cipher_xform.cipher.key.data = pdcp_test_crypto_key[i];
 	ut_params->cipher_xform.cipher.key.length =
 					pdcp_test_params[i].cipher_key_len;
-	ut_params->cipher_xform.cipher.iv.length = 0;
+	ut_params->cipher_xform.cipher.iv.length =
+				pdcp_test_packet_direction[i] ? 4 : 0;
+	ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET;
 
 	/* Setup HMAC Parameters if ICV header is required */
 	if (pdcp_test_params[i].auth_alg != 0) {
@@ -7186,8 +7188,18 @@ test_pdcp_proto(int i, int oop,
 			.domain = pdcp_test_params[i].domain,
 			.pkt_dir = pdcp_test_packet_direction[i],
 			.sn_size = pdcp_test_data_sn_size[i],
-			.hfn = pdcp_test_hfn[i],
+			.hfn = pdcp_test_packet_direction[i] ?
+				0 : pdcp_test_hfn[i],
+				/**
+				 * hfn can be set as pdcp_test_hfn[i]
+				 * if hfn_ovrd is not set. Here, PDCP
+				 * packet direction is just used to
+				 * run half of the cases with session
+				 * HFN and other half with per packet
+				 * HFN.
+				 */
 			.hfn_threshold = pdcp_test_hfn_threshold[i],
+			.hfn_ovrd = pdcp_test_packet_direction[i] ? 1 : 0,
 		} },
 		.crypto_xform = &ut_params->cipher_xform
 	};
@@ -7214,6 +7226,10 @@ test_pdcp_proto(int i, int oop,
 		goto on_err;
 	}
 
+	uint32_t *per_pkt_hfn = rte_crypto_op_ctod_offset(ut_params->op,
+					uint32_t *, IV_OFFSET);
+	*per_pkt_hfn = pdcp_test_packet_direction[i] ? pdcp_test_hfn[i] : 0;
+
 	rte_security_attach_session(ut_params->op, ut_params->sec_session);
 
 	/* set crypto operation source mbuf */
@@ -7445,6 +7461,7 @@ test_pdcp_proto_SGL(int i, int oop,
 			.sn_size = pdcp_test_data_sn_size[i],
 			.hfn = pdcp_test_hfn[i],
 			.hfn_threshold = pdcp_test_hfn_threshold[i],
+			.hfn_ovrd = 0,
 		} },
 		.crypto_xform = &ut_params->cipher_xform
 	};
-- 
2.17.1


^ permalink raw reply	[flat|nested] 12+ messages in thread

* [dpdk-dev] [PATCH v3 3/3] test/crypto-perf: add option to enable session HFN
  2020-07-06  5:36     ` [dpdk-dev] [PATCH v3 0/3] Updates for HFN in PDCP Akhil Goyal
  2020-07-06  5:36       ` [dpdk-dev] [PATCH v3 1/3] drivers/crypto: fix 18bit PDCP cases with HFN override Akhil Goyal
  2020-07-06  5:36       ` [dpdk-dev] [PATCH v3 2/3] test/crypto: update PDCP HFN scenarios Akhil Goyal
@ 2020-07-06  5:36       ` Akhil Goyal
  2020-07-06  5:57       ` [dpdk-dev] [PATCH v3 0/3] Updates for HFN in PDCP Akhil Goyal
  3 siblings, 0 replies; 12+ messages in thread
From: Akhil Goyal @ 2020-07-06  5:36 UTC (permalink / raw)
  To: dev; +Cc: hemant.agrawal, Akhil Goyal

Add a new option for PDCP cases to enable use of session
based fixed HFN value instead of per packet HFN which was
enabled by hfn override feature.
By default HFN override is enabled and if session based
fixed HFN need to be tested, add "--pdcp-ses-hfn-en" in the
command line.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
---
 app/test-crypto-perf/cperf_ops.c             | 11 ++++++++---
 app/test-crypto-perf/cperf_options.h         |  3 +++
 app/test-crypto-perf/cperf_options_parsing.c | 13 +++++++++++++
 doc/guides/tools/cryptoperf.rst              |  4 ++++
 4 files changed, 28 insertions(+), 3 deletions(-)

diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c
index e06b59f55..f851509ec 100644
--- a/app/test-crypto-perf/cperf_ops.c
+++ b/app/test-crypto-perf/cperf_ops.c
@@ -26,6 +26,10 @@ cperf_set_ops_security(struct rte_crypto_op **ops,
 			(struct rte_security_session *)sess;
 		uint32_t buf_sz;
 
+		uint32_t *per_pkt_hfn = rte_crypto_op_ctod_offset(ops[i],
+					uint32_t *, iv_offset);
+		*per_pkt_hfn = options->pdcp_ses_hfn_en ? 0 : PDCP_DEFAULT_HFN;
+
 		ops[i]->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED;
 		rte_security_attach_session(ops[i], sec_sess);
 		sym_op->m_src = (struct rte_mbuf *)((uint8_t *)ops[i] +
@@ -554,16 +558,15 @@ cperf_create_session(struct rte_mempool *sess_mp,
 		cipher_xform.cipher.algo = options->cipher_algo;
 		cipher_xform.cipher.op = options->cipher_op;
 		cipher_xform.cipher.iv.offset = iv_offset;
+		cipher_xform.cipher.iv.length = 4;
 
 		/* cipher different than null */
 		if (options->cipher_algo != RTE_CRYPTO_CIPHER_NULL) {
 			cipher_xform.cipher.key.data = test_vector->cipher_key.data;
 			cipher_xform.cipher.key.length = test_vector->cipher_key.length;
-			cipher_xform.cipher.iv.length = test_vector->cipher_iv.length;
 		} else {
 			cipher_xform.cipher.key.data = NULL;
 			cipher_xform.cipher.key.length = 0;
-			cipher_xform.cipher.iv.length = 0;
 		}
 
 		/* Setup Auth Parameters */
@@ -601,8 +604,10 @@ cperf_create_session(struct rte_mempool *sess_mp,
 				.domain = options->pdcp_domain,
 				.pkt_dir = 0,
 				.sn_size = options->pdcp_sn_sz,
-				.hfn = 0x1,
+				.hfn = options->pdcp_ses_hfn_en ?
+					PDCP_DEFAULT_HFN : 0,
 				.hfn_threshold = 0x70C0A,
+				.hfn_ovrd = !(options->pdcp_ses_hfn_en),
 			} },
 			.crypto_xform = &cipher_xform
 		};
diff --git a/app/test-crypto-perf/cperf_options.h b/app/test-crypto-perf/cperf_options.h
index e5f1edffc..256fabb07 100644
--- a/app/test-crypto-perf/cperf_options.h
+++ b/app/test-crypto-perf/cperf_options.h
@@ -50,6 +50,8 @@
 #ifdef RTE_LIBRTE_SECURITY
 #define CPERF_PDCP_SN_SZ	("pdcp-sn-sz")
 #define CPERF_PDCP_DOMAIN	("pdcp-domain")
+#define CPERF_PDCP_SES_HFN_EN	("pdcp-ses-hfn-en")
+#define PDCP_DEFAULT_HFN	0x1
 #define CPERF_DOCSIS_HDR_SZ	("docsis-hdr-sz")
 #endif
 
@@ -123,6 +125,7 @@ struct cperf_options {
 
 #ifdef RTE_LIBRTE_SECURITY
 	uint16_t pdcp_sn_sz;
+	uint16_t pdcp_ses_hfn_en;
 	enum rte_security_pdcp_domain pdcp_domain;
 	uint16_t docsis_hdr_sz;
 #endif
diff --git a/app/test-crypto-perf/cperf_options_parsing.c b/app/test-crypto-perf/cperf_options_parsing.c
index 20577a144..44aa7f925 100644
--- a/app/test-crypto-perf/cperf_options_parsing.c
+++ b/app/test-crypto-perf/cperf_options_parsing.c
@@ -58,6 +58,9 @@ usage(char *progname)
 		"           and dequeue in pmd-cyclecount benchmarking mode\n"
 		" --csv-friendly: enable test result output CSV friendly\n"
 #ifdef RTE_LIBRTE_SECURITY
+		" --pdcp-sn-sz N: set PDCP SN size N <5/7/12/15/18>\n"
+		" --pdcp-domain DOMAIN: set PDCP domain <control/user>\n"
+		" --pdcp-ses-hfn-en: enable session based fixed HFN\n"
 		" --docsis-hdr-sz: set DOCSIS header size\n"
 #endif
 		" -h: prints this help\n",
@@ -834,6 +837,7 @@ static struct option lgopts[] = {
 #ifdef RTE_LIBRTE_SECURITY
 	{ CPERF_PDCP_SN_SZ, required_argument, 0, 0 },
 	{ CPERF_PDCP_DOMAIN, required_argument, 0, 0 },
+	{ CPERF_PDCP_SES_HFN_EN, no_argument, 0, 0 },
 	{ CPERF_DOCSIS_HDR_SZ, required_argument, 0, 0 },
 #endif
 	{ CPERF_CSV, no_argument, 0, 0},
@@ -905,6 +909,7 @@ cperf_options_default(struct cperf_options *opts)
 #ifdef RTE_LIBRTE_SECURITY
 	opts->pdcp_sn_sz = 12;
 	opts->pdcp_domain = RTE_SECURITY_PDCP_MODE_CONTROL;
+	opts->pdcp_ses_hfn_en = 0;
 	opts->docsis_hdr_sz = 17;
 #endif
 }
@@ -945,6 +950,7 @@ cperf_opts_parse_long(int opt_idx, struct cperf_options *opts)
 #ifdef RTE_LIBRTE_SECURITY
 		{ CPERF_PDCP_SN_SZ,	parse_pdcp_sn_sz },
 		{ CPERF_PDCP_DOMAIN,	parse_pdcp_domain },
+		{ CPERF_PDCP_SES_HFN_EN,	parse_pdcp_ses_hfn_en },
 		{ CPERF_DOCSIS_HDR_SZ,	parse_docsis_hdr_sz },
 #endif
 		{ CPERF_CSV,		parse_csv_friendly},
@@ -1079,6 +1085,13 @@ check_docsis_buffer_length(struct cperf_options *options)
 
 	return 0;
 }
+
+static int
+parse_pdcp_ses_hfn_en(struct cperf_options *opts, const char *arg __rte_unused)
+{
+	opts->pdcp_ses_hfn_en = 1;
+	return 0;
+}
 #endif
 
 int
diff --git a/doc/guides/tools/cryptoperf.rst b/doc/guides/tools/cryptoperf.rst
index a8df8bc99..28b729dbd 100644
--- a/doc/guides/tools/cryptoperf.rst
+++ b/doc/guides/tools/cryptoperf.rst
@@ -347,6 +347,10 @@ The following are the application command-line options:
 
         Set DOCSIS header size(n) in bytes.
 
+* ``--pdcp-ses-hfn-en``
+
+        Enable fixed session based HFN instead of per packet HFN.
+
 Test Vector File
 ~~~~~~~~~~~~~~~~
 
-- 
2.17.1


^ permalink raw reply	[flat|nested] 12+ messages in thread

* Re: [dpdk-dev] [PATCH v2 0/3] Updates for HFN in PDCP
  2020-07-06  5:21 ` [dpdk-dev] [PATCH v2 0/3] Updates for HFN in PDCP Akhil Goyal
                     ` (2 preceding siblings ...)
  2020-07-06  5:21   ` [dpdk-dev] [PATCH v2 3/3] test/crypto-perf: add option to enable session HFN Akhil Goyal
@ 2020-07-06  5:45   ` Hemant Agrawal
  3 siblings, 0 replies; 12+ messages in thread
From: Hemant Agrawal @ 2020-07-06  5:45 UTC (permalink / raw)
  To: Akhil Goyal, dev; +Cc: Akhil Goyal

Series-
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>

-----Original Message-----
From: Akhil Goyal <akhil.goyal@nxp.com> 
Sent: Monday, July 6, 2020 10:52 AM
To: dev@dpdk.org
Cc: Hemant Agrawal <hemant.agrawal@nxp.com>; Akhil Goyal <akhil.goyal@nxp.com>
Subject: [PATCH v2 0/3] Updates for HFN in PDCP
Importance: High

Changes in v2:
updated test and test-crypto-perf for better test coverage to include both HFN override and per session HFN in testing.


Akhil Goyal (3):
  drivers/crypto: fix 18bit PDCP cases with HFN override
  test/crypto: update PDCP HFN scenarios
  test/crypto-perf: add option to enable session HFN

 app/test-crypto-perf/cperf_ops.c             | 11 +++--
 app/test-crypto-perf/cperf_options.h         |  3 ++
 app/test-crypto-perf/cperf_options_parsing.c | 13 ++++++
 app/test/test_cryptodev.c                    | 20 ++++++++-
 doc/guides/tools/cryptoperf.rst              |  4 ++
 drivers/common/dpaax/caamflib/desc/pdcp.h    | 44 ++++++++++++++++++++
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c  |  8 ++++
 drivers/crypto/dpaa_sec/dpaa_sec.c           | 33 +++------------
 8 files changed, 104 insertions(+), 32 deletions(-)

--
2.17.1


^ permalink raw reply	[flat|nested] 12+ messages in thread

* Re: [dpdk-dev] [PATCH v3 0/3] Updates for HFN in PDCP
  2020-07-06  5:36     ` [dpdk-dev] [PATCH v3 0/3] Updates for HFN in PDCP Akhil Goyal
                         ` (2 preceding siblings ...)
  2020-07-06  5:36       ` [dpdk-dev] [PATCH v3 3/3] test/crypto-perf: add option to enable session HFN Akhil Goyal
@ 2020-07-06  5:57       ` Akhil Goyal
  3 siblings, 0 replies; 12+ messages in thread
From: Akhil Goyal @ 2020-07-06  5:57 UTC (permalink / raw)
  To: Akhil Goyal, dev; +Cc: Hemant Agrawal


> changes in v3:
> - fix checkpatch warning
> - changes were accidently done in test_pdcp_proto_SGL instead of
> test_pdcp_proto. Fixed.
> 
> Changes in v2:
> updated test and test-crypto-perf for better test coverage
> to include both HFN override and per session HFN in testing.
> 
v3 applied to dpdk-next-crypto with Hemant's Ack on v2 patches.

^ permalink raw reply	[flat|nested] 12+ messages in thread

end of thread, other threads:[~2020-07-06  5:57 UTC | newest]

Thread overview: 12+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-06-01 18:02 [dpdk-dev] [PATCH 1/2] drivers/crypto: fix 18bit PDCP cases with HFN override Akhil Goyal
2020-06-01 18:02 ` [dpdk-dev] [PATCH 2/2] test/crypto: enable hfn override in PDCP cases Akhil Goyal
2020-07-06  5:21 ` [dpdk-dev] [PATCH v2 0/3] Updates for HFN in PDCP Akhil Goyal
2020-07-06  5:21   ` [dpdk-dev] [PATCH v2 1/3] drivers/crypto: fix 18bit PDCP cases with HFN override Akhil Goyal
2020-07-06  5:36     ` [dpdk-dev] [PATCH v3 0/3] Updates for HFN in PDCP Akhil Goyal
2020-07-06  5:36       ` [dpdk-dev] [PATCH v3 1/3] drivers/crypto: fix 18bit PDCP cases with HFN override Akhil Goyal
2020-07-06  5:36       ` [dpdk-dev] [PATCH v3 2/3] test/crypto: update PDCP HFN scenarios Akhil Goyal
2020-07-06  5:36       ` [dpdk-dev] [PATCH v3 3/3] test/crypto-perf: add option to enable session HFN Akhil Goyal
2020-07-06  5:57       ` [dpdk-dev] [PATCH v3 0/3] Updates for HFN in PDCP Akhil Goyal
2020-07-06  5:21   ` [dpdk-dev] [PATCH v2 2/3] test/crypto: update PDCP HFN scenarios Akhil Goyal
2020-07-06  5:21   ` [dpdk-dev] [PATCH v2 3/3] test/crypto-perf: add option to enable session HFN Akhil Goyal
2020-07-06  5:45   ` [dpdk-dev] [PATCH v2 0/3] Updates for HFN in PDCP Hemant Agrawal

DPDK patches and discussions

This inbox may be cloned and mirrored by anyone:

	git clone --mirror https://inbox.dpdk.org/dev/0 dev/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 dev dev/ https://inbox.dpdk.org/dev \
		dev@dpdk.org
	public-inbox-index dev

Example config snippet for mirrors.
Newsgroup available over NNTP:
	nntp://inbox.dpdk.org/inbox.dpdk.dev


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git