* [PATCH 2/8] app/test-crypto-perf: support SDAP for PDCP operations
2022-04-25 4:14 [PATCH 1/8] app/test-crypto-perf: improve dequeue logic Gagandeep Singh
@ 2022-04-25 4:14 ` Gagandeep Singh
2022-05-13 9:49 ` [EXT] " Akhil Goyal
2022-04-25 4:14 ` [PATCH 3/8] examples/ipsec-secgw: support XCBC-MAC/DES-CBC Gagandeep Singh
` (7 subsequent siblings)
8 siblings, 1 reply; 49+ messages in thread
From: Gagandeep Singh @ 2022-04-25 4:14 UTC (permalink / raw)
To: gakhil, dev; +Cc: Gagandeep Singh
Add a command line option "--enable-sdap" to enable
Service Data Adaptation Protocol.
example command:
./dpdk-test-crypto-perf -c 0xc --log-level=8 --
--devtype crypto_dpaa2_sec --optype pdcp --cipher-algo aes-ctr
--cipher-op encrypt --auth-algo zuc-eia3 --auth-op generate
--auth-key-sz 16 --ptest throughput --total-ops 100000 --burst-sz 64
--buffer-sz 64,390,1512 --pool-sz 4096 --silent --pdcp-sn-sz 12
--pdcp-domain control --enable-sdap
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
app/test-crypto-perf/cperf_ops.c | 1 +
app/test-crypto-perf/cperf_options.h | 2 ++
app/test-crypto-perf/cperf_options_parsing.c | 12 ++++++++++++
3 files changed, 15 insertions(+)
diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c
index 8baee12e45..67a7a0ac4f 100644
--- a/app/test-crypto-perf/cperf_ops.c
+++ b/app/test-crypto-perf/cperf_ops.c
@@ -860,6 +860,7 @@ cperf_create_session(struct rte_mempool *sess_mp,
.hfn = options->pdcp_ses_hfn_en ?
PDCP_DEFAULT_HFN : 0,
.hfn_threshold = 0x70C0A,
+ .sdap_enabled = options->pdcp_sdap,
.hfn_ovrd = !(options->pdcp_ses_hfn_en),
} },
.crypto_xform = &cipher_xform
diff --git a/app/test-crypto-perf/cperf_options.h b/app/test-crypto-perf/cperf_options.h
index 031b238b20..fffa6a2162 100644
--- a/app/test-crypto-perf/cperf_options.h
+++ b/app/test-crypto-perf/cperf_options.h
@@ -13,6 +13,7 @@
#define CPERF_PTEST_TYPE ("ptest")
#define CPERF_SILENT ("silent")
+#define CPERF_ENABLE_SDAP ("enable-sdap")
#define CPERF_POOL_SIZE ("pool-sz")
#define CPERF_TOTAL_OPS ("total-ops")
@@ -128,6 +129,7 @@ struct cperf_options {
#ifdef RTE_LIB_SECURITY
uint16_t pdcp_sn_sz;
uint16_t pdcp_ses_hfn_en;
+ uint16_t pdcp_sdap;
enum rte_security_pdcp_domain pdcp_domain;
uint16_t docsis_hdr_sz;
#endif
diff --git a/app/test-crypto-perf/cperf_options_parsing.c b/app/test-crypto-perf/cperf_options_parsing.c
index 59a9dc596a..48cd1b5ba2 100644
--- a/app/test-crypto-perf/cperf_options_parsing.c
+++ b/app/test-crypto-perf/cperf_options_parsing.c
@@ -61,6 +61,7 @@ usage(char *progname)
" --pdcp-sn-sz N: set PDCP SN size N <5/7/12/15/18>\n"
" --pdcp-domain DOMAIN: set PDCP domain <control/user>\n"
" --pdcp-ses-hfn-en: enable session based fixed HFN\n"
+ " --enable-sdap: enable sdap\n"
" --docsis-hdr-sz: set DOCSIS header size\n"
#endif
" -h: prints this help\n",
@@ -535,6 +536,15 @@ parse_silent(struct cperf_options *opts,
return 0;
}
+static int
+parse_enable_sdap(struct cperf_options *opts,
+ const char *arg __rte_unused)
+{
+ opts->pdcp_sdap = 1;
+
+ return 0;
+}
+
static int
parse_cipher_algo(struct cperf_options *opts, const char *arg)
{
@@ -865,6 +875,7 @@ static struct option lgopts[] = {
{ CPERF_PDCP_SN_SZ, required_argument, 0, 0 },
{ CPERF_PDCP_DOMAIN, required_argument, 0, 0 },
{ CPERF_PDCP_SES_HFN_EN, no_argument, 0, 0 },
+ { CPERF_ENABLE_SDAP, no_argument, 0, 0 },
{ CPERF_DOCSIS_HDR_SZ, required_argument, 0, 0 },
#endif
{ CPERF_CSV, no_argument, 0, 0},
@@ -978,6 +989,7 @@ cperf_opts_parse_long(int opt_idx, struct cperf_options *opts)
{ CPERF_PDCP_SN_SZ, parse_pdcp_sn_sz },
{ CPERF_PDCP_DOMAIN, parse_pdcp_domain },
{ CPERF_PDCP_SES_HFN_EN, parse_pdcp_ses_hfn_en },
+ { CPERF_ENABLE_SDAP, parse_enable_sdap },
{ CPERF_DOCSIS_HDR_SZ, parse_docsis_hdr_sz },
#endif
{ CPERF_CSV, parse_csv_friendly},
--
2.25.1
^ permalink raw reply [flat|nested] 49+ messages in thread
* RE: [EXT] [PATCH 2/8] app/test-crypto-perf: support SDAP for PDCP operations
2022-04-25 4:14 ` [PATCH 2/8] app/test-crypto-perf: support SDAP for PDCP operations Gagandeep Singh
@ 2022-05-13 9:49 ` Akhil Goyal
0 siblings, 0 replies; 49+ messages in thread
From: Akhil Goyal @ 2022-05-13 9:49 UTC (permalink / raw)
To: Gagandeep Singh, dev
> Add a command line option "--enable-sdap" to enable
> Service Data Adaptation Protocol.
>
> example command:
> ./dpdk-test-crypto-perf -c 0xc --log-level=8 --
> --devtype crypto_dpaa2_sec --optype pdcp --cipher-algo aes-ctr
> --cipher-op encrypt --auth-algo zuc-eia3 --auth-op generate
> --auth-key-sz 16 --ptest throughput --total-ops 100000 --burst-sz 64
> --buffer-sz 64,390,1512 --pool-sz 4096 --silent --pdcp-sn-sz 12
> --pdcp-domain control --enable-sdap
>
> Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
> ---
> app/test-crypto-perf/cperf_ops.c | 1 +
> app/test-crypto-perf/cperf_options.h | 2 ++
> app/test-crypto-perf/cperf_options_parsing.c | 12 ++++++++++++
> 3 files changed, 15 insertions(+)
Missing documentation update for the new option added.
>
> diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c
> index 8baee12e45..67a7a0ac4f 100644
> --- a/app/test-crypto-perf/cperf_ops.c
> +++ b/app/test-crypto-perf/cperf_ops.c
> @@ -860,6 +860,7 @@ cperf_create_session(struct rte_mempool *sess_mp,
> .hfn = options->pdcp_ses_hfn_en ?
> PDCP_DEFAULT_HFN : 0,
> .hfn_threshold = 0x70C0A,
> + .sdap_enabled = options->pdcp_sdap,
> .hfn_ovrd = !(options->pdcp_ses_hfn_en),
> } },
> .crypto_xform = &cipher_xform
> diff --git a/app/test-crypto-perf/cperf_options.h b/app/test-crypto-
> perf/cperf_options.h
> index 031b238b20..fffa6a2162 100644
> --- a/app/test-crypto-perf/cperf_options.h
> +++ b/app/test-crypto-perf/cperf_options.h
> @@ -13,6 +13,7 @@
>
> #define CPERF_PTEST_TYPE ("ptest")
> #define CPERF_SILENT ("silent")
> +#define CPERF_ENABLE_SDAP ("enable-sdap")
>
> #define CPERF_POOL_SIZE ("pool-sz")
> #define CPERF_TOTAL_OPS ("total-ops")
> @@ -128,6 +129,7 @@ struct cperf_options {
> #ifdef RTE_LIB_SECURITY
> uint16_t pdcp_sn_sz;
> uint16_t pdcp_ses_hfn_en;
> + uint16_t pdcp_sdap;
> enum rte_security_pdcp_domain pdcp_domain;
> uint16_t docsis_hdr_sz;
> #endif
> diff --git a/app/test-crypto-perf/cperf_options_parsing.c b/app/test-crypto-
> perf/cperf_options_parsing.c
> index 59a9dc596a..48cd1b5ba2 100644
> --- a/app/test-crypto-perf/cperf_options_parsing.c
> +++ b/app/test-crypto-perf/cperf_options_parsing.c
> @@ -61,6 +61,7 @@ usage(char *progname)
> " --pdcp-sn-sz N: set PDCP SN size N <5/7/12/15/18>\n"
> " --pdcp-domain DOMAIN: set PDCP domain <control/user>\n"
> " --pdcp-ses-hfn-en: enable session based fixed HFN\n"
> + " --enable-sdap: enable sdap\n"
> " --docsis-hdr-sz: set DOCSIS header size\n"
> #endif
> " -h: prints this help\n",
> @@ -535,6 +536,15 @@ parse_silent(struct cperf_options *opts,
> return 0;
> }
>
> +static int
> +parse_enable_sdap(struct cperf_options *opts,
> + const char *arg __rte_unused)
> +{
> + opts->pdcp_sdap = 1;
> +
> + return 0;
> +}
> +
> static int
> parse_cipher_algo(struct cperf_options *opts, const char *arg)
> {
> @@ -865,6 +875,7 @@ static struct option lgopts[] = {
> { CPERF_PDCP_SN_SZ, required_argument, 0, 0 },
> { CPERF_PDCP_DOMAIN, required_argument, 0, 0 },
> { CPERF_PDCP_SES_HFN_EN, no_argument, 0, 0 },
> + { CPERF_ENABLE_SDAP, no_argument, 0, 0 },
> { CPERF_DOCSIS_HDR_SZ, required_argument, 0, 0 },
> #endif
> { CPERF_CSV, no_argument, 0, 0},
> @@ -978,6 +989,7 @@ cperf_opts_parse_long(int opt_idx, struct cperf_options
> *opts)
> { CPERF_PDCP_SN_SZ, parse_pdcp_sn_sz },
> { CPERF_PDCP_DOMAIN, parse_pdcp_domain },
> { CPERF_PDCP_SES_HFN_EN, parse_pdcp_ses_hfn_en },
> + { CPERF_ENABLE_SDAP, parse_enable_sdap },
Follow similar formatting as other options.
> { CPERF_DOCSIS_HDR_SZ, parse_docsis_hdr_sz },
> #endif
> { CPERF_CSV, parse_csv_friendly},
> --
> 2.25.1
^ permalink raw reply [flat|nested] 49+ messages in thread
* [PATCH 3/8] examples/ipsec-secgw: support XCBC-MAC/DES-CBC
2022-04-25 4:14 [PATCH 1/8] app/test-crypto-perf: improve dequeue logic Gagandeep Singh
2022-04-25 4:14 ` [PATCH 2/8] app/test-crypto-perf: support SDAP for PDCP operations Gagandeep Singh
@ 2022-04-25 4:14 ` Gagandeep Singh
2022-05-13 9:54 ` [EXT] " Akhil Goyal
2022-04-25 4:14 ` [PATCH 4/8] examples/l2fwd-crypto: add signal handler for exit Gagandeep Singh
` (6 subsequent siblings)
8 siblings, 1 reply; 49+ messages in thread
From: Gagandeep Singh @ 2022-04-25 4:14 UTC (permalink / raw)
To: gakhil, dev; +Cc: Gagandeep Singh
ipsec-secgw application is updated to support
DES-CBC ciphering and XCBC-MAC authentication
based IPsec functionality.
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
examples/ipsec-secgw/esp.c | 5 +++++
examples/ipsec-secgw/sa.c | 8 ++++++++
2 files changed, 13 insertions(+)
diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
index bd233752c8..b72a5604c8 100644
--- a/examples/ipsec-secgw/esp.c
+++ b/examples/ipsec-secgw/esp.c
@@ -100,6 +100,7 @@ esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
switch (sa->cipher_algo) {
case RTE_CRYPTO_CIPHER_NULL:
+ case RTE_CRYPTO_CIPHER_DES_CBC:
case RTE_CRYPTO_CIPHER_3DES_CBC:
case RTE_CRYPTO_CIPHER_AES_CBC:
/* Copy IV at the end of crypto operation */
@@ -121,6 +122,7 @@ esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
case RTE_CRYPTO_AUTH_NULL:
case RTE_CRYPTO_AUTH_SHA1_HMAC:
case RTE_CRYPTO_AUTH_SHA256_HMAC:
+ case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
sym_cop->auth.data.offset = ip_hdr_len;
sym_cop->auth.data.length = sizeof(struct rte_esp_hdr) +
sa->iv_len + payload_len;
@@ -336,6 +338,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
} else {
switch (sa->cipher_algo) {
case RTE_CRYPTO_CIPHER_NULL:
+ case RTE_CRYPTO_CIPHER_DES_CBC:
case RTE_CRYPTO_CIPHER_3DES_CBC:
case RTE_CRYPTO_CIPHER_AES_CBC:
memset(iv, 0, sa->iv_len);
@@ -399,6 +402,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
} else {
switch (sa->cipher_algo) {
case RTE_CRYPTO_CIPHER_NULL:
+ case RTE_CRYPTO_CIPHER_DES_CBC:
case RTE_CRYPTO_CIPHER_3DES_CBC:
case RTE_CRYPTO_CIPHER_AES_CBC:
sym_cop->cipher.data.offset = ip_hdr_len +
@@ -431,6 +435,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
case RTE_CRYPTO_AUTH_NULL:
case RTE_CRYPTO_AUTH_SHA1_HMAC:
case RTE_CRYPTO_AUTH_SHA256_HMAC:
+ case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
sym_cop->auth.data.offset = ip_hdr_len;
sym_cop->auth.data.length = sizeof(struct rte_esp_hdr) +
sa->iv_len + pad_payload_len;
diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
index 1839ac71af..8159b32a72 100644
--- a/examples/ipsec-secgw/sa.c
+++ b/examples/ipsec-secgw/sa.c
@@ -119,6 +119,13 @@ const struct supported_cipher_algo cipher_algos[] = {
.iv_len = 8,
.block_size = 8,
.key_len = 24
+ },
+ {
+ .keyword = "des-cbc",
+ .algo = RTE_CRYPTO_CIPHER_DES_CBC,
+ .iv_len = 8,
+ .block_size = 8,
+ .key_len = 8
}
};
@@ -1301,6 +1308,7 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
} else {
switch (sa->cipher_algo) {
case RTE_CRYPTO_CIPHER_NULL:
+ case RTE_CRYPTO_CIPHER_DES_CBC:
case RTE_CRYPTO_CIPHER_3DES_CBC:
case RTE_CRYPTO_CIPHER_AES_CBC:
case RTE_CRYPTO_CIPHER_AES_CTR:
--
2.25.1
^ permalink raw reply [flat|nested] 49+ messages in thread
* RE: [EXT] [PATCH 3/8] examples/ipsec-secgw: support XCBC-MAC/DES-CBC
2022-04-25 4:14 ` [PATCH 3/8] examples/ipsec-secgw: support XCBC-MAC/DES-CBC Gagandeep Singh
@ 2022-05-13 9:54 ` Akhil Goyal
2022-05-16 9:45 ` Gagandeep Singh
0 siblings, 1 reply; 49+ messages in thread
From: Akhil Goyal @ 2022-05-13 9:54 UTC (permalink / raw)
To: Gagandeep Singh, dev
> ipsec-secgw application is updated to support
> DES-CBC ciphering and XCBC-MAC authentication
> based IPsec functionality.
>
> Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
> ---
> examples/ipsec-secgw/esp.c | 5 +++++
> examples/ipsec-secgw/sa.c | 8 ++++++++
> 2 files changed, 13 insertions(+)
Documentation updates missing for new algos
"doc/guides/sample_app_ug/ipsec_secgw.rst"
>
> diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
> index bd233752c8..b72a5604c8 100644
> --- a/examples/ipsec-secgw/esp.c
> +++ b/examples/ipsec-secgw/esp.c
> @@ -100,6 +100,7 @@ esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
>
> switch (sa->cipher_algo) {
> case RTE_CRYPTO_CIPHER_NULL:
> + case RTE_CRYPTO_CIPHER_DES_CBC:
> case RTE_CRYPTO_CIPHER_3DES_CBC:
> case RTE_CRYPTO_CIPHER_AES_CBC:
> /* Copy IV at the end of crypto operation */
> @@ -121,6 +122,7 @@ esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
> case RTE_CRYPTO_AUTH_NULL:
> case RTE_CRYPTO_AUTH_SHA1_HMAC:
> case RTE_CRYPTO_AUTH_SHA256_HMAC:
> + case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
> sym_cop->auth.data.offset = ip_hdr_len;
> sym_cop->auth.data.length = sizeof(struct rte_esp_hdr)
> +
> sa->iv_len + payload_len;
> @@ -336,6 +338,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
> } else {
> switch (sa->cipher_algo) {
> case RTE_CRYPTO_CIPHER_NULL:
> + case RTE_CRYPTO_CIPHER_DES_CBC:
> case RTE_CRYPTO_CIPHER_3DES_CBC:
> case RTE_CRYPTO_CIPHER_AES_CBC:
> memset(iv, 0, sa->iv_len);
> @@ -399,6 +402,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
> } else {
> switch (sa->cipher_algo) {
> case RTE_CRYPTO_CIPHER_NULL:
> + case RTE_CRYPTO_CIPHER_DES_CBC:
> case RTE_CRYPTO_CIPHER_3DES_CBC:
> case RTE_CRYPTO_CIPHER_AES_CBC:
> sym_cop->cipher.data.offset = ip_hdr_len +
> @@ -431,6 +435,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
> case RTE_CRYPTO_AUTH_NULL:
> case RTE_CRYPTO_AUTH_SHA1_HMAC:
> case RTE_CRYPTO_AUTH_SHA256_HMAC:
> + case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
> sym_cop->auth.data.offset = ip_hdr_len;
> sym_cop->auth.data.length = sizeof(struct rte_esp_hdr)
> +
> sa->iv_len + pad_payload_len;
> diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
> index 1839ac71af..8159b32a72 100644
> --- a/examples/ipsec-secgw/sa.c
> +++ b/examples/ipsec-secgw/sa.c
> @@ -119,6 +119,13 @@ const struct supported_cipher_algo cipher_algos[] = {
> .iv_len = 8,
> .block_size = 8,
> .key_len = 24
> + },
> + {
> + .keyword = "des-cbc",
> + .algo = RTE_CRYPTO_CIPHER_DES_CBC,
> + .iv_len = 8,
> + .block_size = 8,
> + .key_len = 8
> }
> };
>
> @@ -1301,6 +1308,7 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct
> ipsec_sa entries[],
> } else {
> switch (sa->cipher_algo) {
> case RTE_CRYPTO_CIPHER_NULL:
> + case RTE_CRYPTO_CIPHER_DES_CBC:
> case RTE_CRYPTO_CIPHER_3DES_CBC:
> case RTE_CRYPTO_CIPHER_AES_CBC:
> case RTE_CRYPTO_CIPHER_AES_CTR:
> --
> 2.25.1
^ permalink raw reply [flat|nested] 49+ messages in thread
* RE: [EXT] [PATCH 3/8] examples/ipsec-secgw: support XCBC-MAC/DES-CBC
2022-05-13 9:54 ` [EXT] " Akhil Goyal
@ 2022-05-16 9:45 ` Gagandeep Singh
0 siblings, 0 replies; 49+ messages in thread
From: Gagandeep Singh @ 2022-05-16 9:45 UTC (permalink / raw)
To: Akhil Goyal, dev
> -----Original Message-----
> From: Akhil Goyal <gakhil@marvell.com>
> Sent: Friday, May 13, 2022 3:24 PM
> To: Gagandeep Singh <G.Singh@nxp.com>; dev@dpdk.org
> Subject: RE: [EXT] [PATCH 3/8] examples/ipsec-secgw: support XCBC-MAC/DES-
> CBC
>
> > ipsec-secgw application is updated to support DES-CBC ciphering and
> > XCBC-MAC authentication based IPsec functionality.
> >
> > Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
> > ---
> > examples/ipsec-secgw/esp.c | 5 +++++
> > examples/ipsec-secgw/sa.c | 8 ++++++++
> > 2 files changed, 13 insertions(+)
> Documentation updates missing for new algos
> "doc/guides/sample_app_ug/ipsec_secgw.rst"
Ok, It appears algo SHA256_HMAC is also missing in the document.
>
> >
> > diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
> > index bd233752c8..b72a5604c8 100644
> > --- a/examples/ipsec-secgw/esp.c
> > +++ b/examples/ipsec-secgw/esp.c
> > @@ -100,6 +100,7 @@ esp_inbound(struct rte_mbuf *m, struct ipsec_sa
> > *sa,
> >
> > switch (sa->cipher_algo) {
> > case RTE_CRYPTO_CIPHER_NULL:
> > + case RTE_CRYPTO_CIPHER_DES_CBC:
> > case RTE_CRYPTO_CIPHER_3DES_CBC:
> > case RTE_CRYPTO_CIPHER_AES_CBC:
> > /* Copy IV at the end of crypto operation */ @@ -121,6
> +122,7 @@
> > esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
> > case RTE_CRYPTO_AUTH_NULL:
> > case RTE_CRYPTO_AUTH_SHA1_HMAC:
> > case RTE_CRYPTO_AUTH_SHA256_HMAC:
> > + case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
> > sym_cop->auth.data.offset = ip_hdr_len;
> > sym_cop->auth.data.length = sizeof(struct rte_esp_hdr)
> > +
> > sa->iv_len + payload_len;
> > @@ -336,6 +338,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
> > } else {
> > switch (sa->cipher_algo) {
> > case RTE_CRYPTO_CIPHER_NULL:
> > + case RTE_CRYPTO_CIPHER_DES_CBC:
> > case RTE_CRYPTO_CIPHER_3DES_CBC:
> > case RTE_CRYPTO_CIPHER_AES_CBC:
> > memset(iv, 0, sa->iv_len);
> > @@ -399,6 +402,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
> > } else {
> > switch (sa->cipher_algo) {
> > case RTE_CRYPTO_CIPHER_NULL:
> > + case RTE_CRYPTO_CIPHER_DES_CBC:
> > case RTE_CRYPTO_CIPHER_3DES_CBC:
> > case RTE_CRYPTO_CIPHER_AES_CBC:
> > sym_cop->cipher.data.offset = ip_hdr_len + @@ -431,6
> +435,7 @@
> > esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
> > case RTE_CRYPTO_AUTH_NULL:
> > case RTE_CRYPTO_AUTH_SHA1_HMAC:
> > case RTE_CRYPTO_AUTH_SHA256_HMAC:
> > + case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
> > sym_cop->auth.data.offset = ip_hdr_len;
> > sym_cop->auth.data.length = sizeof(struct rte_esp_hdr)
> > +
> > sa->iv_len + pad_payload_len;
> > diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
> > index 1839ac71af..8159b32a72 100644
> > --- a/examples/ipsec-secgw/sa.c
> > +++ b/examples/ipsec-secgw/sa.c
> > @@ -119,6 +119,13 @@ const struct supported_cipher_algo cipher_algos[] =
> {
> > .iv_len = 8,
> > .block_size = 8,
> > .key_len = 24
> > + },
> > + {
> > + .keyword = "des-cbc",
> > + .algo = RTE_CRYPTO_CIPHER_DES_CBC,
> > + .iv_len = 8,
> > + .block_size = 8,
> > + .key_len = 8
> > }
> > };
> >
> > @@ -1301,6 +1308,7 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct
> > ipsec_sa entries[],
> > } else {
> > switch (sa->cipher_algo) {
> > case RTE_CRYPTO_CIPHER_NULL:
> > + case RTE_CRYPTO_CIPHER_DES_CBC:
> > case RTE_CRYPTO_CIPHER_3DES_CBC:
> > case RTE_CRYPTO_CIPHER_AES_CBC:
> > case RTE_CRYPTO_CIPHER_AES_CTR:
> > --
> > 2.25.1
^ permalink raw reply [flat|nested] 49+ messages in thread
* [PATCH 4/8] examples/l2fwd-crypto: add signal handler for exit
2022-04-25 4:14 [PATCH 1/8] app/test-crypto-perf: improve dequeue logic Gagandeep Singh
2022-04-25 4:14 ` [PATCH 2/8] app/test-crypto-perf: support SDAP for PDCP operations Gagandeep Singh
2022-04-25 4:14 ` [PATCH 3/8] examples/ipsec-secgw: support XCBC-MAC/DES-CBC Gagandeep Singh
@ 2022-04-25 4:14 ` Gagandeep Singh
2022-04-25 4:14 ` [PATCH 5/8] test/crypto: fix pmd name for dpaa raw buffer crypto driver Gagandeep Singh
` (5 subsequent siblings)
8 siblings, 0 replies; 49+ messages in thread
From: Gagandeep Singh @ 2022-04-25 4:14 UTC (permalink / raw)
To: gakhil, dev; +Cc: Gagandeep Singh
Handle SIGINT and SIGTERM signals.
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
examples/l2fwd-crypto/main.c | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index bbdb263143..1764fc7abc 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -18,6 +18,7 @@
#include <getopt.h>
#include <fcntl.h>
#include <unistd.h>
+#include <signal.h>
#include <rte_string_fns.h>
#include <rte_branch_prediction.h>
@@ -258,6 +259,9 @@ struct l2fwd_crypto_statistics crypto_statistics[RTE_CRYPTO_MAX_DEVS];
/* default period is 10 seconds */
static int64_t timer_period = 10 * TIMER_MILLISECOND * 1000;
+/* Global signal */
+unsigned int signal_received;
+
/* Print out statistics on packets dropped */
static void
print_stats(void)
@@ -925,6 +929,8 @@ l2fwd_main_loop(struct l2fwd_crypto_options *options)
nb_rx = rte_eth_rx_burst(portid, 0,
pkts_burst, MAX_PKT_BURST);
+ if (unlikely(signal_received))
+ return;
port_statistics[portid].rx += nb_rx;
@@ -2762,6 +2768,13 @@ reserve_key_memory(struct l2fwd_crypto_options *options)
options->aad.phys_addr = rte_malloc_virt2iova(options->aad.data);
}
+static void
+raise_signal(int signum)
+{
+ signal_received = 1;
+ printf("Exiting on signal (%d)\n", signum);
+}
+
int
main(int argc, char **argv)
{
@@ -2774,6 +2787,9 @@ main(int argc, char **argv)
int ret, enabled_cdevcount, enabled_portcount;
uint8_t enabled_cdevs[RTE_CRYPTO_MAX_DEVS] = {0};
+ signal(SIGINT, raise_signal);
+ signal(SIGTERM, raise_signal);
+
/* init EAL */
ret = rte_eal_init(argc, argv);
if (ret < 0)
--
2.25.1
^ permalink raw reply [flat|nested] 49+ messages in thread
* [PATCH 5/8] test/crypto: fix pmd name for dpaa raw buffer crypto driver
2022-04-25 4:14 [PATCH 1/8] app/test-crypto-perf: improve dequeue logic Gagandeep Singh
` (2 preceding siblings ...)
2022-04-25 4:14 ` [PATCH 4/8] examples/l2fwd-crypto: add signal handler for exit Gagandeep Singh
@ 2022-04-25 4:14 ` Gagandeep Singh
2022-04-25 4:14 ` [PATCH 6/8] test/crypto: support raw buffer APIs for PDCP Gagandeep Singh
` (4 subsequent siblings)
8 siblings, 0 replies; 49+ messages in thread
From: Gagandeep Singh @ 2022-04-25 4:14 UTC (permalink / raw)
To: gakhil, dev; +Cc: Gagandeep Singh, stable
PMD name for DPAA raw buffer crypto driver test cases is
updated with correct name.
Fixes: cd8166c28cd1 ("test/crypto: add raw API test for dpaax")
Cc: stable@dpdk.org
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
app/test/test_cryptodev.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index f444144cc6..5a60fc5c73 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -16588,7 +16588,7 @@ test_cryptodev_dpaa2_sec_raw_api(void)
static int
test_cryptodev_dpaa_sec_raw_api(void)
{
- static const char *pmd_name = RTE_STR(CRYPTODEV_NAME_DPAA2_SEC_PMD);
+ static const char *pmd_name = RTE_STR(CRYPTODEV_NAME_DPAA_SEC_PMD);
int ret;
ret = require_feature_flag(pmd_name, RTE_CRYPTODEV_FF_SYM_RAW_DP,
--
2.25.1
^ permalink raw reply [flat|nested] 49+ messages in thread
* [PATCH 6/8] test/crypto: support raw buffer APIs for PDCP
2022-04-25 4:14 [PATCH 1/8] app/test-crypto-perf: improve dequeue logic Gagandeep Singh
` (3 preceding siblings ...)
2022-04-25 4:14 ` [PATCH 5/8] test/crypto: fix pmd name for dpaa raw buffer crypto driver Gagandeep Singh
@ 2022-04-25 4:14 ` Gagandeep Singh
2022-04-25 4:14 ` [PATCH 7/8] test/crypto: add external buffer test case Gagandeep Singh
` (3 subsequent siblings)
8 siblings, 0 replies; 49+ messages in thread
From: Gagandeep Singh @ 2022-04-25 4:14 UTC (permalink / raw)
To: gakhil, dev; +Cc: Gagandeep Singh
This patch supports raw buffer APIs testing for
PDCP test cases.
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
app/test/test_cryptodev.c | 22 ++++++++++++++++++++--
1 file changed, 20 insertions(+), 2 deletions(-)
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 5a60fc5c73..0b53ec0078 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -8370,6 +8370,11 @@ static int test_pdcp_proto(int i, int oop, enum rte_crypto_cipher_operation opc,
struct rte_security_ctx *ctx = (struct rte_security_ctx *)
rte_cryptodev_get_sec_ctx(
ts_params->valid_devs[0]);
+ struct rte_cryptodev_info dev_info;
+ uint64_t feat_flags;
+
+ rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
+ feat_flags = dev_info.feature_flags;
/* Verify the capabilities */
struct rte_security_capability_idx sec_cap_idx;
@@ -8391,6 +8396,11 @@ static int test_pdcp_proto(int i, int oop, enum rte_crypto_cipher_operation opc,
input_vec_len);
memcpy(plaintext, input_vec, input_vec_len);
+ if ((global_api_test_type == CRYPTODEV_RAW_API_TEST) &&
+ (!(feat_flags & RTE_CRYPTODEV_FF_SYM_RAW_DP))) {
+ printf("Device does not support RAW data-path APIs.\n");
+ return TEST_SKIPPED;
+ }
/* Out of place support */
if (oop) {
/*
@@ -8483,8 +8493,16 @@ static int test_pdcp_proto(int i, int oop, enum rte_crypto_cipher_operation opc,
ut_params->op->sym->m_dst = ut_params->obuf;
/* Process crypto operation */
- if (process_crypto_request(ts_params->valid_devs[0], ut_params->op)
- == NULL) {
+ if (global_api_test_type == CRYPTODEV_RAW_API_TEST) {
+ /* filling lengths */
+ ut_params->op->sym->cipher.data.length = ut_params->op->sym->m_src->pkt_len;
+ ut_params->op->sym->auth.data.length = ut_params->op->sym->m_src->pkt_len;
+ process_sym_raw_dp_op(ts_params->valid_devs[0], 0,
+ ut_params->op, 1, 1, 0, 0);
+ } else {
+ ut_params->op = process_crypto_request(ts_params->valid_devs[0], ut_params->op);
+ }
+ if (ut_params->op == NULL) {
printf("TestCase %s()-%d line %d failed %s: ",
__func__, i, __LINE__,
"failed to process sym crypto op");
--
2.25.1
^ permalink raw reply [flat|nested] 49+ messages in thread
* [PATCH 7/8] test/crypto: add external buffer test case
2022-04-25 4:14 [PATCH 1/8] app/test-crypto-perf: improve dequeue logic Gagandeep Singh
` (4 preceding siblings ...)
2022-04-25 4:14 ` [PATCH 6/8] test/crypto: support raw buffer APIs for PDCP Gagandeep Singh
@ 2022-04-25 4:14 ` Gagandeep Singh
2022-05-13 10:26 ` [EXT] " Akhil Goyal
2022-04-25 4:14 ` [PATCH 8/8] test/crypto: add short MAC-I test vector for zuc Gagandeep Singh
` (2 subsequent siblings)
8 siblings, 1 reply; 49+ messages in thread
From: Gagandeep Singh @ 2022-04-25 4:14 UTC (permalink / raw)
To: gakhil, dev; +Cc: Gagandeep Singh
Add a test case to verify crypto functionality
with external buffer.
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
app/test/test_cryptodev.c | 163 ++++++++++++++++++++++++++++++++++++++
1 file changed, 163 insertions(+)
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 0b53ec0078..b4ffb4fd94 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -2270,6 +2270,167 @@ test_AES_CBC_HMAC_SHA1_encrypt_digest(void)
return TEST_SUCCESS;
}
+static inline void
+ext_buf_free_callback_fn(void *addr,
+ void *ext_buf_ptr __rte_unused)
+{
+ rte_free(addr);
+}
+
+static int
+test_AES_CBC_HMAC_SHA1_encrypt_digest_ext_buffer(void)
+{
+ struct crypto_testsuite_params *ts_params = &testsuite_params;
+ struct crypto_unittest_params *ut_params = &unittest_params;
+ int status;
+ void *buf;
+ rte_iova_t iova;
+ uint16_t buf_len = QUOTE_1024_BYTES;
+ struct rte_mbuf_ext_shared_info *shinfo = NULL;
+ struct rte_mbuf *m;
+
+
+ /* Verify the capabilities */
+ struct rte_cryptodev_sym_capability_idx cap_idx;
+ cap_idx.type = RTE_CRYPTO_SYM_XFORM_AUTH;
+ cap_idx.algo.auth = RTE_CRYPTO_AUTH_SHA1_HMAC;
+ if (rte_cryptodev_sym_capability_get(ts_params->valid_devs[0],
+ &cap_idx) == NULL)
+ return TEST_SKIPPED;
+ cap_idx.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
+ cap_idx.algo.cipher = RTE_CRYPTO_CIPHER_AES_CBC;
+ if (rte_cryptodev_sym_capability_get(ts_params->valid_devs[0],
+ &cap_idx) == NULL)
+ return TEST_SKIPPED;
+
+ buf = rte_malloc(NULL, buf_len, RTE_CACHE_LINE_SIZE);
+ if (buf == NULL)
+ return TEST_SKIPPED;
+
+ rte_memcpy(buf, catch_22_quote, QUOTE_512_BYTES);
+ shinfo = rte_pktmbuf_ext_shinfo_init_helper(buf, &buf_len,
+ ext_buf_free_callback_fn, NULL);
+ if (unlikely(shinfo == NULL)) {
+ rte_free(buf);
+ return -1;
+ }
+ iova = rte_malloc_virt2iova(buf);
+ m = rte_pktmbuf_alloc(ts_params->mbuf_pool);
+ if (m == NULL)
+ return TEST_SKIPPED;
+ rte_pktmbuf_attach_extbuf(m, buf, iova, buf_len, shinfo);
+ rte_pktmbuf_reset_headroom(m);
+ m->pkt_len = QUOTE_512_BYTES;
+ m->data_len = QUOTE_512_BYTES;
+ m->data_off = 0;
+
+ ut_params->ibuf = m;
+
+ ut_params->digest = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf,
+ DIGEST_BYTE_LENGTH_SHA1);
+ TEST_ASSERT_NOT_NULL(ut_params->digest, "no room to append digest");
+
+ /* Setup Cipher Parameters */
+ ut_params->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
+ ut_params->cipher_xform.next = &ut_params->auth_xform;
+
+ ut_params->cipher_xform.cipher.algo = RTE_CRYPTO_CIPHER_AES_CBC;
+ ut_params->cipher_xform.cipher.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT;
+ ut_params->cipher_xform.cipher.key.data = aes_cbc_key;
+ ut_params->cipher_xform.cipher.key.length = CIPHER_KEY_LENGTH_AES_CBC;
+ ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET;
+ ut_params->cipher_xform.cipher.iv.length = CIPHER_IV_LENGTH_AES_CBC;
+
+ /* Setup HMAC Parameters */
+ ut_params->auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
+
+ ut_params->auth_xform.next = NULL;
+
+ ut_params->auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_GENERATE;
+ ut_params->auth_xform.auth.algo = RTE_CRYPTO_AUTH_SHA1_HMAC;
+ ut_params->auth_xform.auth.key.length = HMAC_KEY_LENGTH_SHA1;
+ ut_params->auth_xform.auth.key.data = hmac_sha1_key;
+ ut_params->auth_xform.auth.digest_length = DIGEST_BYTE_LENGTH_SHA1;
+
+ ut_params->sess = rte_cryptodev_sym_session_create(
+ ts_params->session_mpool);
+ TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
+
+ /* Create crypto session*/
+ status = rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
+ ut_params->sess, &ut_params->cipher_xform,
+ ts_params->session_priv_mpool);
+
+ if (status == -ENOTSUP)
+ return TEST_SKIPPED;
+
+ TEST_ASSERT_EQUAL(status, 0, "Session init failed");
+
+ /* Generate crypto op data structure */
+ ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool,
+ RTE_CRYPTO_OP_TYPE_SYMMETRIC);
+ TEST_ASSERT_NOT_NULL(ut_params->op,
+ "Failed to allocate symmetric crypto operation struct");
+
+ rte_crypto_op_attach_sym_session(ut_params->op, ut_params->sess);
+
+ struct rte_crypto_sym_op *sym_op = ut_params->op->sym;
+
+ /* set crypto operation source mbuf */
+ sym_op->m_src = ut_params->ibuf;
+
+ /* Set crypto operation authentication parameters */
+ sym_op->auth.digest.data = ut_params->digest;
+ sym_op->auth.digest.phys_addr = rte_pktmbuf_iova_offset(
+ ut_params->ibuf, QUOTE_512_BYTES);
+
+ sym_op->auth.data.offset = 0;
+ sym_op->auth.data.length = QUOTE_512_BYTES;
+
+ /* Copy IV at the end of the crypto operation */
+ rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *, IV_OFFSET),
+ aes_cbc_iv, CIPHER_IV_LENGTH_AES_CBC);
+
+ /* Set crypto operation cipher parameters */
+ sym_op->cipher.data.offset = 0;
+ sym_op->cipher.data.length = QUOTE_512_BYTES;
+
+ /* Process crypto operation */
+ if (gbl_action_type == RTE_SECURITY_ACTION_TYPE_CPU_CRYPTO)
+ process_cpu_crypt_auth_op(ts_params->valid_devs[0],
+ ut_params->op);
+ else
+ TEST_ASSERT_NOT_NULL(
+ process_crypto_request(ts_params->valid_devs[0],
+ ut_params->op),
+ "failed to process sym crypto op");
+
+ TEST_ASSERT_EQUAL(ut_params->op->status, RTE_CRYPTO_OP_STATUS_SUCCESS,
+ "crypto op processing failed");
+
+ /* Validate obuf */
+ uint8_t *ciphertext = rte_pktmbuf_mtod(ut_params->op->sym->m_src,
+ uint8_t *);
+
+ TEST_ASSERT_BUFFERS_ARE_EQUAL(ciphertext,
+ catch_22_quote_2_512_bytes_AES_CBC_ciphertext,
+ QUOTE_512_BYTES,
+ "ciphertext data not as expected");
+
+ uint8_t *digest = ciphertext + QUOTE_512_BYTES;
+
+ TEST_ASSERT_BUFFERS_ARE_EQUAL(digest,
+ catch_22_quote_2_512_bytes_AES_CBC_HMAC_SHA1_digest,
+ gbl_driver_id == rte_cryptodev_driver_id_get(
+ RTE_STR(CRYPTODEV_NAME_AESNI_MB_PMD)) ?
+ TRUNCATED_DIGEST_BYTE_LENGTH_SHA1 :
+ DIGEST_BYTE_LENGTH_SHA1,
+ "Generated digest data not as expected");
+
+ return TEST_SUCCESS;
+}
+
+
/* ***** AES-CBC / HMAC-SHA512 Hash Tests ***** */
#define HMAC_KEY_LENGTH_SHA512 (DIGEST_BYTE_LENGTH_SHA512)
@@ -15458,6 +15619,8 @@ static struct unit_test_suite cryptodev_gen_testsuite = {
TEST_CASE_ST(ut_setup, ut_teardown, test_stats),
TEST_CASE_ST(ut_setup, ut_teardown, test_enq_callback_setup),
TEST_CASE_ST(ut_setup, ut_teardown, test_deq_callback_setup),
+ TEST_CASE_ST(ut_setup, ut_teardown,
+ test_AES_CBC_HMAC_SHA1_encrypt_digest_ext_buffer),
TEST_CASES_END() /**< NULL terminate unit test array */
}
};
--
2.25.1
^ permalink raw reply [flat|nested] 49+ messages in thread
* RE: [EXT] [PATCH 7/8] test/crypto: add external buffer test case
2022-04-25 4:14 ` [PATCH 7/8] test/crypto: add external buffer test case Gagandeep Singh
@ 2022-05-13 10:26 ` Akhil Goyal
2022-05-16 7:25 ` Gagandeep Singh
0 siblings, 1 reply; 49+ messages in thread
From: Akhil Goyal @ 2022-05-13 10:26 UTC (permalink / raw)
To: Gagandeep Singh, dev, Power, Ciara, Zhang, Roy Fan
> Add a test case to verify crypto functionality
> with external buffer.
>
> Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
> ---
> app/test/test_cryptodev.c | 163 ++++++++++++++++++++++++++++++++++++++
> 1 file changed, 163 insertions(+)
>
> diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
> index 0b53ec0078..b4ffb4fd94 100644
> --- a/app/test/test_cryptodev.c
> +++ b/app/test/test_cryptodev.c
> @@ -2270,6 +2270,167 @@ test_AES_CBC_HMAC_SHA1_encrypt_digest(void)
> return TEST_SUCCESS;
> }
>
> +static inline void
> +ext_buf_free_callback_fn(void *addr,
> + void *ext_buf_ptr __rte_unused)
> +{
> + rte_free(addr);
> +}
> +
> +static int
> +test_AES_CBC_HMAC_SHA1_encrypt_digest_ext_buffer(void)
> +{
> + struct crypto_testsuite_params *ts_params = &testsuite_params;
> + struct crypto_unittest_params *ut_params = &unittest_params;
> + int status;
> + void *buf;
> + rte_iova_t iova;
> + uint16_t buf_len = QUOTE_1024_BYTES;
> + struct rte_mbuf_ext_shared_info *shinfo = NULL;
> + struct rte_mbuf *m;
> +
> +
Extra line
> + /* Verify the capabilities */
> + struct rte_cryptodev_sym_capability_idx cap_idx;
> + cap_idx.type = RTE_CRYPTO_SYM_XFORM_AUTH;
> + cap_idx.algo.auth = RTE_CRYPTO_AUTH_SHA1_HMAC;
> + if (rte_cryptodev_sym_capability_get(ts_params->valid_devs[0],
> + &cap_idx) == NULL)
> + return TEST_SKIPPED;
> + cap_idx.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
> + cap_idx.algo.cipher = RTE_CRYPTO_CIPHER_AES_CBC;
> + if (rte_cryptodev_sym_capability_get(ts_params->valid_devs[0],
> + &cap_idx) == NULL)
> + return TEST_SKIPPED;
Repeated code.
> +
> + buf = rte_malloc(NULL, buf_len, RTE_CACHE_LINE_SIZE);
> + if (buf == NULL)
> + return TEST_SKIPPED;
Why skipped? It is an error if malloc is failed.
> +
> + rte_memcpy(buf, catch_22_quote, QUOTE_512_BYTES);
> + shinfo = rte_pktmbuf_ext_shinfo_init_helper(buf, &buf_len,
> + ext_buf_free_callback_fn, NULL);
> + if (unlikely(shinfo == NULL)) {
> + rte_free(buf);
> + return -1;
> + }
> + iova = rte_malloc_virt2iova(buf);
> + m = rte_pktmbuf_alloc(ts_params->mbuf_pool);
> + if (m == NULL)
> + return TEST_SKIPPED;
Again, it should be TEST_FAILED
> + rte_pktmbuf_attach_extbuf(m, buf, iova, buf_len, shinfo);
> + rte_pktmbuf_reset_headroom(m);
> + m->pkt_len = QUOTE_512_BYTES;
> + m->data_len = QUOTE_512_BYTES;
Please use proper APIs to append data and increase lengths.
> + m->data_off = 0;
Why is data off rewritten as 0?
It is modified by rte_pktmbuf_reset_headroom().
> +
> + ut_params->ibuf = m;
> +
> + ut_params->digest = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf,
> + DIGEST_BYTE_LENGTH_SHA1);
> + TEST_ASSERT_NOT_NULL(ut_params->digest, "no room to append
> digest");
> +
> + /* Setup Cipher Parameters */
> + ut_params->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
> + ut_params->cipher_xform.next = &ut_params->auth_xform;
> +
> + ut_params->cipher_xform.cipher.algo =
> RTE_CRYPTO_CIPHER_AES_CBC;
> + ut_params->cipher_xform.cipher.op =
> RTE_CRYPTO_CIPHER_OP_ENCRYPT;
> + ut_params->cipher_xform.cipher.key.data = aes_cbc_key;
> + ut_params->cipher_xform.cipher.key.length =
> CIPHER_KEY_LENGTH_AES_CBC;
> + ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET;
> + ut_params->cipher_xform.cipher.iv.length =
> CIPHER_IV_LENGTH_AES_CBC;
> +
> + /* Setup HMAC Parameters */
> + ut_params->auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
> +
> + ut_params->auth_xform.next = NULL;
> +
> + ut_params->auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_GENERATE;
> + ut_params->auth_xform.auth.algo = RTE_CRYPTO_AUTH_SHA1_HMAC;
> + ut_params->auth_xform.auth.key.length = HMAC_KEY_LENGTH_SHA1;
> + ut_params->auth_xform.auth.key.data = hmac_sha1_key;
> + ut_params->auth_xform.auth.digest_length =
> DIGEST_BYTE_LENGTH_SHA1;
> +
> + ut_params->sess = rte_cryptodev_sym_session_create(
> + ts_params->session_mpool);
> + TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
> +
> + /* Create crypto session*/
> + status = rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
> + ut_params->sess, &ut_params->cipher_xform,
> + ts_params->session_priv_mpool);
> +
> + if (status == -ENOTSUP)
> + return TEST_SKIPPED;
> +
> + TEST_ASSERT_EQUAL(status, 0, "Session init failed");
> +
> + /* Generate crypto op data structure */
> + ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool,
> + RTE_CRYPTO_OP_TYPE_SYMMETRIC);
> + TEST_ASSERT_NOT_NULL(ut_params->op,
> + "Failed to allocate symmetric crypto operation struct");
> +
> + rte_crypto_op_attach_sym_session(ut_params->op, ut_params->sess);
> +
> + struct rte_crypto_sym_op *sym_op = ut_params->op->sym;
> +
> + /* set crypto operation source mbuf */
> + sym_op->m_src = ut_params->ibuf;
> +
> + /* Set crypto operation authentication parameters */
> + sym_op->auth.digest.data = ut_params->digest;
> + sym_op->auth.digest.phys_addr = rte_pktmbuf_iova_offset(
> + ut_params->ibuf, QUOTE_512_BYTES);
> +
> + sym_op->auth.data.offset = 0;
> + sym_op->auth.data.length = QUOTE_512_BYTES;
> +
> + /* Copy IV at the end of the crypto operation */
> + rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *,
> IV_OFFSET),
> + aes_cbc_iv, CIPHER_IV_LENGTH_AES_CBC);
> +
> + /* Set crypto operation cipher parameters */
> + sym_op->cipher.data.offset = 0;
> + sym_op->cipher.data.length = QUOTE_512_BYTES;
> +
> + /* Process crypto operation */
> + if (gbl_action_type == RTE_SECURITY_ACTION_TYPE_CPU_CRYPTO)
> + process_cpu_crypt_auth_op(ts_params->valid_devs[0],
> + ut_params->op);
> + else
> + TEST_ASSERT_NOT_NULL(
> + process_crypto_request(ts_params->valid_devs[0],
> + ut_params->op),
> + "failed to process sym crypto op");
> +
> + TEST_ASSERT_EQUAL(ut_params->op->status,
> RTE_CRYPTO_OP_STATUS_SUCCESS,
> + "crypto op processing failed");
> +
> + /* Validate obuf */
> + uint8_t *ciphertext = rte_pktmbuf_mtod(ut_params->op->sym->m_src,
> + uint8_t *);
> +
> + TEST_ASSERT_BUFFERS_ARE_EQUAL(ciphertext,
> + catch_22_quote_2_512_bytes_AES_CBC_ciphertext,
> + QUOTE_512_BYTES,
> + "ciphertext data not as expected");
> +
> + uint8_t *digest = ciphertext + QUOTE_512_BYTES;
> +
> + TEST_ASSERT_BUFFERS_ARE_EQUAL(digest,
> +
> catch_22_quote_2_512_bytes_AES_CBC_HMAC_SHA1_digest,
> + gbl_driver_id == rte_cryptodev_driver_id_get(
> +
> RTE_STR(CRYPTODEV_NAME_AESNI_MB_PMD)) ?
> +
> TRUNCATED_DIGEST_BYTE_LENGTH_SHA1 :
> + DIGEST_BYTE_LENGTH_SHA1,
> + "Generated digest data not as expected");
> +
Above check for AESNI_MB not required.
> + return TEST_SUCCESS;
> +}
> +
> +
> /* ***** AES-CBC / HMAC-SHA512 Hash Tests ***** */
>
> #define HMAC_KEY_LENGTH_SHA512 (DIGEST_BYTE_LENGTH_SHA512)
> @@ -15458,6 +15619,8 @@ static struct unit_test_suite
> cryptodev_gen_testsuite = {
> TEST_CASE_ST(ut_setup, ut_teardown, test_stats),
> TEST_CASE_ST(ut_setup, ut_teardown,
> test_enq_callback_setup),
> TEST_CASE_ST(ut_setup, ut_teardown,
> test_deq_callback_setup),
> + TEST_CASE_ST(ut_setup, ut_teardown,
> +
> test_AES_CBC_HMAC_SHA1_encrypt_digest_ext_buffer),
> TEST_CASES_END() /**< NULL terminate unit test array */
> }
> };
> --
> 2.25.1
^ permalink raw reply [flat|nested] 49+ messages in thread
* RE: [EXT] [PATCH 7/8] test/crypto: add external buffer test case
2022-05-13 10:26 ` [EXT] " Akhil Goyal
@ 2022-05-16 7:25 ` Gagandeep Singh
0 siblings, 0 replies; 49+ messages in thread
From: Gagandeep Singh @ 2022-05-16 7:25 UTC (permalink / raw)
To: Akhil Goyal, dev, Power, Ciara, Zhang, Roy Fan
Hi,
> -----Original Message-----
> From: Akhil Goyal <gakhil@marvell.com>
> Sent: Friday, May 13, 2022 3:57 PM
> To: Gagandeep Singh <G.Singh@nxp.com>; dev@dpdk.org; Power, Ciara
> <ciara.power@intel.com>; Zhang, Roy Fan <roy.fan.zhang@intel.com>
> Subject: RE: [EXT] [PATCH 7/8] test/crypto: add external buffer test case
>
> > Add a test case to verify crypto functionality with external buffer.
> >
> > Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
> > ---
> > app/test/test_cryptodev.c | 163
> > ++++++++++++++++++++++++++++++++++++++
> > 1 file changed, 163 insertions(+)
> >
> > diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
> > index 0b53ec0078..b4ffb4fd94 100644
> > --- a/app/test/test_cryptodev.c
> > +++ b/app/test/test_cryptodev.c
> > @@ -2270,6 +2270,167 @@ test_AES_CBC_HMAC_SHA1_encrypt_digest(void)
> > return TEST_SUCCESS;
> > }
> >
> > +static inline void
> > +ext_buf_free_callback_fn(void *addr,
> > + void *ext_buf_ptr __rte_unused)
> > +{
> > + rte_free(addr);
> > +}
> > +
> > +static int
> > +test_AES_CBC_HMAC_SHA1_encrypt_digest_ext_buffer(void)
> > +{
> > + struct crypto_testsuite_params *ts_params = &testsuite_params;
> > + struct crypto_unittest_params *ut_params = &unittest_params;
> > + int status;
> > + void *buf;
> > + rte_iova_t iova;
> > + uint16_t buf_len = QUOTE_1024_BYTES;
> > + struct rte_mbuf_ext_shared_info *shinfo = NULL;
> > + struct rte_mbuf *m;
> > +
> > +
> Extra line
>
> > + /* Verify the capabilities */
> > + struct rte_cryptodev_sym_capability_idx cap_idx;
> > + cap_idx.type = RTE_CRYPTO_SYM_XFORM_AUTH;
> > + cap_idx.algo.auth = RTE_CRYPTO_AUTH_SHA1_HMAC;
> > + if (rte_cryptodev_sym_capability_get(ts_params->valid_devs[0],
> > + &cap_idx) == NULL)
> > + return TEST_SKIPPED;
> > + cap_idx.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
> > + cap_idx.algo.cipher = RTE_CRYPTO_CIPHER_AES_CBC;
> > + if (rte_cryptodev_sym_capability_get(ts_params->valid_devs[0],
> > + &cap_idx) == NULL)
> > + return TEST_SKIPPED;
> Repeated code.
>
> > +
> > + buf = rte_malloc(NULL, buf_len, RTE_CACHE_LINE_SIZE);
> > + if (buf == NULL)
> > + return TEST_SKIPPED;
>
> Why skipped? It is an error if malloc is failed.
>
> > +
> > + rte_memcpy(buf, catch_22_quote, QUOTE_512_BYTES);
> > + shinfo = rte_pktmbuf_ext_shinfo_init_helper(buf, &buf_len,
> > + ext_buf_free_callback_fn, NULL);
> > + if (unlikely(shinfo == NULL)) {
> > + rte_free(buf);
> > + return -1;
> > + }
> > + iova = rte_malloc_virt2iova(buf);
> > + m = rte_pktmbuf_alloc(ts_params->mbuf_pool);
> > + if (m == NULL)
> > + return TEST_SKIPPED;
> Again, it should be TEST_FAILED
>
> > + rte_pktmbuf_attach_extbuf(m, buf, iova, buf_len, shinfo);
> > + rte_pktmbuf_reset_headroom(m);
> > + m->pkt_len = QUOTE_512_BYTES;
> > + m->data_len = QUOTE_512_BYTES;
> Please use proper APIs to append data and increase lengths.
>
> > + m->data_off = 0;
> Why is data off rewritten as 0?
> It is modified by rte_pktmbuf_reset_headroom().
>
> > +
> > + ut_params->ibuf = m;
> > +
> > + ut_params->digest = (uint8_t *)rte_pktmbuf_append(ut_params->ibuf,
> > + DIGEST_BYTE_LENGTH_SHA1);
> > + TEST_ASSERT_NOT_NULL(ut_params->digest, "no room to append
> > digest");
> > +
> > + /* Setup Cipher Parameters */
> > + ut_params->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
> > + ut_params->cipher_xform.next = &ut_params->auth_xform;
> > +
> > + ut_params->cipher_xform.cipher.algo =
> > RTE_CRYPTO_CIPHER_AES_CBC;
> > + ut_params->cipher_xform.cipher.op =
> > RTE_CRYPTO_CIPHER_OP_ENCRYPT;
> > + ut_params->cipher_xform.cipher.key.data = aes_cbc_key;
> > + ut_params->cipher_xform.cipher.key.length =
> > CIPHER_KEY_LENGTH_AES_CBC;
> > + ut_params->cipher_xform.cipher.iv.offset = IV_OFFSET;
> > + ut_params->cipher_xform.cipher.iv.length =
> > CIPHER_IV_LENGTH_AES_CBC;
> > +
> > + /* Setup HMAC Parameters */
> > + ut_params->auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
> > +
> > + ut_params->auth_xform.next = NULL;
> > +
> > + ut_params->auth_xform.auth.op = RTE_CRYPTO_AUTH_OP_GENERATE;
> > + ut_params->auth_xform.auth.algo = RTE_CRYPTO_AUTH_SHA1_HMAC;
> > + ut_params->auth_xform.auth.key.length = HMAC_KEY_LENGTH_SHA1;
> > + ut_params->auth_xform.auth.key.data = hmac_sha1_key;
> > + ut_params->auth_xform.auth.digest_length =
> > DIGEST_BYTE_LENGTH_SHA1;
> > +
> > + ut_params->sess = rte_cryptodev_sym_session_create(
> > + ts_params->session_mpool);
> > + TEST_ASSERT_NOT_NULL(ut_params->sess, "Session creation failed");
> > +
> > + /* Create crypto session*/
> > + status = rte_cryptodev_sym_session_init(ts_params->valid_devs[0],
> > + ut_params->sess, &ut_params->cipher_xform,
> > + ts_params->session_priv_mpool);
> > +
> > + if (status == -ENOTSUP)
> > + return TEST_SKIPPED;
> > +
> > + TEST_ASSERT_EQUAL(status, 0, "Session init failed");
> > +
> > + /* Generate crypto op data structure */
> > + ut_params->op = rte_crypto_op_alloc(ts_params->op_mpool,
> > + RTE_CRYPTO_OP_TYPE_SYMMETRIC);
> > + TEST_ASSERT_NOT_NULL(ut_params->op,
> > + "Failed to allocate symmetric crypto operation struct");
> > +
> > + rte_crypto_op_attach_sym_session(ut_params->op, ut_params->sess);
> > +
> > + struct rte_crypto_sym_op *sym_op = ut_params->op->sym;
> > +
> > + /* set crypto operation source mbuf */
> > + sym_op->m_src = ut_params->ibuf;
> > +
> > + /* Set crypto operation authentication parameters */
> > + sym_op->auth.digest.data = ut_params->digest;
> > + sym_op->auth.digest.phys_addr = rte_pktmbuf_iova_offset(
> > + ut_params->ibuf, QUOTE_512_BYTES);
> > +
> > + sym_op->auth.data.offset = 0;
> > + sym_op->auth.data.length = QUOTE_512_BYTES;
> > +
> > + /* Copy IV at the end of the crypto operation */
> > + rte_memcpy(rte_crypto_op_ctod_offset(ut_params->op, uint8_t *,
> > IV_OFFSET),
> > + aes_cbc_iv, CIPHER_IV_LENGTH_AES_CBC);
> > +
> > + /* Set crypto operation cipher parameters */
> > + sym_op->cipher.data.offset = 0;
> > + sym_op->cipher.data.length = QUOTE_512_BYTES;
> > +
> > + /* Process crypto operation */
> > + if (gbl_action_type == RTE_SECURITY_ACTION_TYPE_CPU_CRYPTO)
> > + process_cpu_crypt_auth_op(ts_params->valid_devs[0],
> > + ut_params->op);
> > + else
> > + TEST_ASSERT_NOT_NULL(
> > + process_crypto_request(ts_params->valid_devs[0],
> > + ut_params->op),
> > + "failed to process sym crypto op");
> > +
> > + TEST_ASSERT_EQUAL(ut_params->op->status,
> > RTE_CRYPTO_OP_STATUS_SUCCESS,
> > + "crypto op processing failed");
> > +
> > + /* Validate obuf */
> > + uint8_t *ciphertext = rte_pktmbuf_mtod(ut_params->op->sym->m_src,
> > + uint8_t *);
> > +
> > + TEST_ASSERT_BUFFERS_ARE_EQUAL(ciphertext,
> > + catch_22_quote_2_512_bytes_AES_CBC_ciphertext,
> > + QUOTE_512_BYTES,
> > + "ciphertext data not as expected");
> > +
> > + uint8_t *digest = ciphertext + QUOTE_512_BYTES;
> > +
> > + TEST_ASSERT_BUFFERS_ARE_EQUAL(digest,
> > +
> > catch_22_quote_2_512_bytes_AES_CBC_HMAC_SHA1_digest,
> > + gbl_driver_id == rte_cryptodev_driver_id_get(
> > +
> > RTE_STR(CRYPTODEV_NAME_AESNI_MB_PMD)) ?
> > +
> > TRUNCATED_DIGEST_BYTE_LENGTH_SHA1 :
> > + DIGEST_BYTE_LENGTH_SHA1,
> > + "Generated digest data not as expected");
> > +
> Above check for AESNI_MB not required.
>
> > + return TEST_SUCCESS;
> > +}
> > +
> > +
> > /* ***** AES-CBC / HMAC-SHA512 Hash Tests ***** */
> >
> > #define HMAC_KEY_LENGTH_SHA512 (DIGEST_BYTE_LENGTH_SHA512) @@
> > -15458,6 +15619,8 @@ static struct unit_test_suite
> > cryptodev_gen_testsuite = {
> > TEST_CASE_ST(ut_setup, ut_teardown, test_stats),
> > TEST_CASE_ST(ut_setup, ut_teardown,
> test_enq_callback_setup),
> > TEST_CASE_ST(ut_setup, ut_teardown,
> test_deq_callback_setup),
> > + TEST_CASE_ST(ut_setup, ut_teardown,
> > +
> > test_AES_CBC_HMAC_SHA1_encrypt_digest_ext_buffer),
> > TEST_CASES_END() /**< NULL terminate unit test array */
> > }
> > };
If you agree, I would like to integrate external buffer testing in blockcipher
test cases so that we can test all other cases as well and there will be no need to add
additional test case. We can simply integrate it by adding additional
"feature_mask" something like BLOCKCIPHER_TEST_FEATURE_EXTERNAL_BUFFER
to the test cases.
I will try to send it as separate patch.
> > --
> > 2.25.1
^ permalink raw reply [flat|nested] 49+ messages in thread
* [PATCH 8/8] test/crypto: add short MAC-I test vector for zuc
2022-04-25 4:14 [PATCH 1/8] app/test-crypto-perf: improve dequeue logic Gagandeep Singh
` (5 preceding siblings ...)
2022-04-25 4:14 ` [PATCH 7/8] test/crypto: add external buffer test case Gagandeep Singh
@ 2022-04-25 4:14 ` Gagandeep Singh
2022-05-13 10:46 ` [EXT] " Akhil Goyal
2022-05-13 9:46 ` [EXT] [PATCH 1/8] app/test-crypto-perf: improve dequeue logic Akhil Goyal
2022-05-17 3:38 ` [PATCH v2 0/7] Crypto related changes in sample/test apps Gagandeep Singh
8 siblings, 1 reply; 49+ messages in thread
From: Gagandeep Singh @ 2022-04-25 4:14 UTC (permalink / raw)
To: gakhil, dev; +Cc: Gagandeep Singh
Add a ZUC based short MAC-I test vector.
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
...est_cryptodev_security_pdcp_test_vectors.h | 20 +++++++++++++++++--
1 file changed, 18 insertions(+), 2 deletions(-)
diff --git a/app/test/test_cryptodev_security_pdcp_test_vectors.h b/app/test/test_cryptodev_security_pdcp_test_vectors.h
index 81fd6e606b..585c10b423 100644
--- a/app/test/test_cryptodev_security_pdcp_test_vectors.h
+++ b/app/test/test_cryptodev_security_pdcp_test_vectors.h
@@ -1,7 +1,7 @@
/* SPDX-License-Identifier: BSD-3-Clause
*
* Copyright (C) 2015-2016 Freescale Semiconductor,Inc.
- * Copyright 2018-2021 NXP
+ * Copyright 2018-2022 NXP
*/
#ifndef SECURITY_PDCP_TEST_VECTOR_H_
@@ -128,7 +128,23 @@ static const struct pdcp_short_mac_test list_pdcp_smac_tests[] = {
.data_out = (uint8_t[]){ 0x33, 0x32, 0x34, 0x62, 0x63, 0x39,
0x38, 0x00, 0x00, 0x00, 0x00 },
},
-
+ {
+ .test_idx = 6,
+ .param = {.name = "PDCP-SMAC ZUC",
+ .auth_alg = RTE_CRYPTO_AUTH_ZUC_EIA3,
+ .domain = RTE_SECURITY_PDCP_MODE_SHORT_MAC,
+ .auth_key_len = 16,
+ },
+ .auth_key = (uint8_t[]){ 0xB2, 0xA4, 0x73, 0xB6, 0x78, 0x5C,
+ 0x51, 0x8E, 0x9C, 0x1E, 0x9B, 0xC6,
+ 0x66, 0xE4, 0x84, 0x24
+ },
+ .data_in = (uint8_t[]){ 0x00, 0x40, 0x00, 0x00, 0x00, 0x05,
+ 0x09, 0xe4 },
+ .in_len = 8,
+ .data_out = (uint8_t[]){ 0x00, 0x40, 0x00, 0x00, 0x00, 0x05,
+ 0x09, 0xe4, 0xCC, 0x7D, 0xD0, 0xE4 },
+ },
};
static struct pdcp_test_param pdcp_test_params[] = {
--
2.25.1
^ permalink raw reply [flat|nested] 49+ messages in thread
* RE: [EXT] [PATCH 8/8] test/crypto: add short MAC-I test vector for zuc
2022-04-25 4:14 ` [PATCH 8/8] test/crypto: add short MAC-I test vector for zuc Gagandeep Singh
@ 2022-05-13 10:46 ` Akhil Goyal
2022-05-16 7:27 ` Gagandeep Singh
0 siblings, 1 reply; 49+ messages in thread
From: Akhil Goyal @ 2022-05-13 10:46 UTC (permalink / raw)
To: Gagandeep Singh, dev
> Add a ZUC based short MAC-I test vector.
>
> Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Only test vector, where is the test case calling this?
> ---
> ...est_cryptodev_security_pdcp_test_vectors.h | 20 +++++++++++++++++--
> 1 file changed, 18 insertions(+), 2 deletions(-)
>
> diff --git a/app/test/test_cryptodev_security_pdcp_test_vectors.h
> b/app/test/test_cryptodev_security_pdcp_test_vectors.h
> index 81fd6e606b..585c10b423 100644
> --- a/app/test/test_cryptodev_security_pdcp_test_vectors.h
> +++ b/app/test/test_cryptodev_security_pdcp_test_vectors.h
> @@ -1,7 +1,7 @@
> /* SPDX-License-Identifier: BSD-3-Clause
> *
> * Copyright (C) 2015-2016 Freescale Semiconductor,Inc.
> - * Copyright 2018-2021 NXP
> + * Copyright 2018-2022 NXP
> */
>
> #ifndef SECURITY_PDCP_TEST_VECTOR_H_
> @@ -128,7 +128,23 @@ static const struct pdcp_short_mac_test
> list_pdcp_smac_tests[] = {
> .data_out = (uint8_t[]){ 0x33, 0x32, 0x34, 0x62, 0x63, 0x39,
> 0x38, 0x00, 0x00, 0x00, 0x00 },
> },
> -
> + {
> + .test_idx = 6,
> + .param = {.name = "PDCP-SMAC ZUC",
> + .auth_alg = RTE_CRYPTO_AUTH_ZUC_EIA3,
> + .domain = RTE_SECURITY_PDCP_MODE_SHORT_MAC,
> + .auth_key_len = 16,
> + },
> + .auth_key = (uint8_t[]){ 0xB2, 0xA4, 0x73, 0xB6, 0x78, 0x5C,
> + 0x51, 0x8E, 0x9C, 0x1E, 0x9B, 0xC6,
> + 0x66, 0xE4, 0x84, 0x24
> + },
> + .data_in = (uint8_t[]){ 0x00, 0x40, 0x00, 0x00, 0x00, 0x05,
> + 0x09, 0xe4 },
> + .in_len = 8,
> + .data_out = (uint8_t[]){ 0x00, 0x40, 0x00, 0x00, 0x00, 0x05,
> + 0x09, 0xe4, 0xCC, 0x7D, 0xD0, 0xE4 },
> + },
> };
>
> static struct pdcp_test_param pdcp_test_params[] = {
> --
> 2.25.1
^ permalink raw reply [flat|nested] 49+ messages in thread
* RE: [EXT] [PATCH 8/8] test/crypto: add short MAC-I test vector for zuc
2022-05-13 10:46 ` [EXT] " Akhil Goyal
@ 2022-05-16 7:27 ` Gagandeep Singh
0 siblings, 0 replies; 49+ messages in thread
From: Gagandeep Singh @ 2022-05-16 7:27 UTC (permalink / raw)
To: Akhil Goyal, dev
Hi
> -----Original Message-----
> From: Akhil Goyal <gakhil@marvell.com>
> Sent: Friday, May 13, 2022 4:16 PM
> To: Gagandeep Singh <G.Singh@nxp.com>; dev@dpdk.org
> Subject: RE: [EXT] [PATCH 8/8] test/crypto: add short MAC-I test vector for zuc
>
> > Add a ZUC based short MAC-I test vector.
> >
> > Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
>
> Only test vector, where is the test case calling this?
There is test case available in "test_PDCP_PROTO_short_mac"
Which is running all the vectors available in "list_pdcp_smac_tests"
> > ---
> > ...est_cryptodev_security_pdcp_test_vectors.h | 20
> > +++++++++++++++++--
> > 1 file changed, 18 insertions(+), 2 deletions(-)
> >
> > diff --git a/app/test/test_cryptodev_security_pdcp_test_vectors.h
> > b/app/test/test_cryptodev_security_pdcp_test_vectors.h
> > index 81fd6e606b..585c10b423 100644
> > --- a/app/test/test_cryptodev_security_pdcp_test_vectors.h
> > +++ b/app/test/test_cryptodev_security_pdcp_test_vectors.h
> > @@ -1,7 +1,7 @@
> > /* SPDX-License-Identifier: BSD-3-Clause
> > *
> > * Copyright (C) 2015-2016 Freescale Semiconductor,Inc.
> > - * Copyright 2018-2021 NXP
> > + * Copyright 2018-2022 NXP
> > */
> >
> > #ifndef SECURITY_PDCP_TEST_VECTOR_H_
> > @@ -128,7 +128,23 @@ static const struct pdcp_short_mac_test
> > list_pdcp_smac_tests[] = {
> > .data_out = (uint8_t[]){ 0x33, 0x32, 0x34, 0x62, 0x63, 0x39,
> > 0x38, 0x00, 0x00, 0x00, 0x00 },
> > },
> > -
> > + {
> > + .test_idx = 6,
> > + .param = {.name = "PDCP-SMAC ZUC",
> > + .auth_alg = RTE_CRYPTO_AUTH_ZUC_EIA3,
> > + .domain = RTE_SECURITY_PDCP_MODE_SHORT_MAC,
> > + .auth_key_len = 16,
> > + },
> > + .auth_key = (uint8_t[]){ 0xB2, 0xA4, 0x73, 0xB6, 0x78, 0x5C,
> > + 0x51, 0x8E, 0x9C, 0x1E, 0x9B, 0xC6,
> > + 0x66, 0xE4, 0x84, 0x24
> > + },
> > + .data_in = (uint8_t[]){ 0x00, 0x40, 0x00, 0x00, 0x00, 0x05,
> > + 0x09, 0xe4 },
> > + .in_len = 8,
> > + .data_out = (uint8_t[]){ 0x00, 0x40, 0x00, 0x00, 0x00, 0x05,
> > + 0x09, 0xe4, 0xCC, 0x7D, 0xD0, 0xE4 },
> > + },
> > };
> >
> > static struct pdcp_test_param pdcp_test_params[] = {
> > --
> > 2.25.1
^ permalink raw reply [flat|nested] 49+ messages in thread
* RE: [EXT] [PATCH 1/8] app/test-crypto-perf: improve dequeue logic
2022-04-25 4:14 [PATCH 1/8] app/test-crypto-perf: improve dequeue logic Gagandeep Singh
` (6 preceding siblings ...)
2022-04-25 4:14 ` [PATCH 8/8] test/crypto: add short MAC-I test vector for zuc Gagandeep Singh
@ 2022-05-13 9:46 ` Akhil Goyal
2022-05-16 7:14 ` Gagandeep Singh
2022-05-17 3:38 ` [PATCH v2 0/7] Crypto related changes in sample/test apps Gagandeep Singh
8 siblings, 1 reply; 49+ messages in thread
From: Akhil Goyal @ 2022-05-13 9:46 UTC (permalink / raw)
To: Gagandeep Singh, dev, hemant.agrawal; +Cc: Anoob Joseph
Hi Gagan,
> Issue more dequeue commands if the gap between enqueued
> and dequeued packets is more than burst size *8
>
> Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
> ---
Why is this change required? What gain are we getting?
I see a performance drop due to this patch.
> app/test-crypto-perf/cperf_test_throughput.c | 42 +++++++++++---------
> 1 file changed, 23 insertions(+), 19 deletions(-)
>
> diff --git a/app/test-crypto-perf/cperf_test_throughput.c b/app/test-crypto-
> perf/cperf_test_throughput.c
> index cecf30e470..5cd8919c91 100644
> --- a/app/test-crypto-perf/cperf_test_throughput.c
> +++ b/app/test-crypto-perf/cperf_test_throughput.c
> @@ -223,26 +223,30 @@ cperf_throughput_test_runner(void *test_ctx)
> ops_unused = burst_size - ops_enqd;
> ops_enqd_total += ops_enqd;
>
> -
> /* Dequeue processed burst of ops from crypto device
> */
> - ops_deqd = rte_cryptodev_dequeue_burst(ctx->dev_id,
> ctx->qp_id,
> - ops_processed, test_burst_size);
> -
> - if (likely(ops_deqd)) {
> - /* Free crypto ops so they can be reused. */
> - rte_mempool_put_bulk(ctx->pool,
> - (void **)ops_processed,
> ops_deqd);
> -
> - ops_deqd_total += ops_deqd;
> - } else {
> - /**
> - * Count dequeue polls which didn't return any
> - * processed operations. This statistic is mainly
> - * relevant to hw accelerators.
> - */
> - ops_deqd_failed++;
> - }
> -
> + do {
> + ops_deqd = rte_cryptodev_dequeue_burst(
> + ctx->dev_id, ctx->qp_id,
> + ops_processed,
> test_burst_size);
> +
> + if (likely(ops_deqd)) {
> + /* Free crypto ops for reuse */
> + rte_mempool_put_bulk(ctx->pool,
> + (void
> **)ops_processed,
> + ops_deqd);
> +
> + ops_deqd_total += ops_deqd;
> + } else {
> + /**
> + * Count dequeue polls which didn't
> + * return any processed operations.
> + * This statistic is mainly relevant
> + * to hw accelerators.
> + */
> + ops_deqd_failed++;
> + }
> + } while (ops_enqd_total - ops_deqd_total >
> + test_burst_size * 8);
> }
>
> /* Dequeue any operations still in the crypto device */
> --
> 2.25.1
^ permalink raw reply [flat|nested] 49+ messages in thread
* RE: [EXT] [PATCH 1/8] app/test-crypto-perf: improve dequeue logic
2022-05-13 9:46 ` [EXT] [PATCH 1/8] app/test-crypto-perf: improve dequeue logic Akhil Goyal
@ 2022-05-16 7:14 ` Gagandeep Singh
2022-05-16 7:26 ` Anoob Joseph
0 siblings, 1 reply; 49+ messages in thread
From: Gagandeep Singh @ 2022-05-16 7:14 UTC (permalink / raw)
To: Akhil Goyal, dev, Hemant Agrawal; +Cc: Anoob Joseph
Hi
> -----Original Message-----
> From: Akhil Goyal <gakhil@marvell.com>
> Sent: Friday, May 13, 2022 3:17 PM
> To: Gagandeep Singh <G.Singh@nxp.com>; dev@dpdk.org; Hemant Agrawal
> <hemant.agrawal@nxp.com>
> Cc: Anoob Joseph <anoobj@marvell.com>
> Subject: RE: [EXT] [PATCH 1/8] app/test-crypto-perf: improve dequeue logic
>
> Hi Gagan,
> > Issue more dequeue commands if the gap between enqueued
> > and dequeued packets is more than burst size *8
> >
> > Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
> > ---
> Why is this change required? What gain are we getting?
> I see a performance drop due to this patch.
Issue is, in case if security engine/driver is slow in processing the
Jobs especially for larger packet sizes then in that case application
will keep enqueuing packets with higher rate than dequeue which
may results in buffer pool exhaustion.
Application has option to increase pool size but that may not be
Helpful for the platforms those with memory constraints.
We can work on limiting the enqueue side instead of keeping the dequeue
to avoid any performance drop due to any empty dequeue.
Dropping this patch from this series. I will update the logic and
will try to send as separate patch.
>
> > app/test-crypto-perf/cperf_test_throughput.c | 42 +++++++++++---------
> > 1 file changed, 23 insertions(+), 19 deletions(-)
> >
> > diff --git a/app/test-crypto-perf/cperf_test_throughput.c b/app/test-crypto-
> > perf/cperf_test_throughput.c
> > index cecf30e470..5cd8919c91 100644
> > --- a/app/test-crypto-perf/cperf_test_throughput.c
> > +++ b/app/test-crypto-perf/cperf_test_throughput.c
> > @@ -223,26 +223,30 @@ cperf_throughput_test_runner(void *test_ctx)
> > ops_unused = burst_size - ops_enqd;
> > ops_enqd_total += ops_enqd;
> >
> > -
> > /* Dequeue processed burst of ops from crypto device
> > */
> > - ops_deqd = rte_cryptodev_dequeue_burst(ctx->dev_id,
> > ctx->qp_id,
> > - ops_processed, test_burst_size);
> > -
> > - if (likely(ops_deqd)) {
> > - /* Free crypto ops so they can be reused. */
> > - rte_mempool_put_bulk(ctx->pool,
> > - (void **)ops_processed,
> > ops_deqd);
> > -
> > - ops_deqd_total += ops_deqd;
> > - } else {
> > - /**
> > - * Count dequeue polls which didn't return any
> > - * processed operations. This statistic is mainly
> > - * relevant to hw accelerators.
> > - */
> > - ops_deqd_failed++;
> > - }
> > -
> > + do {
> > + ops_deqd = rte_cryptodev_dequeue_burst(
> > + ctx->dev_id, ctx->qp_id,
> > + ops_processed,
> > test_burst_size);
> > +
> > + if (likely(ops_deqd)) {
> > + /* Free crypto ops for reuse */
> > + rte_mempool_put_bulk(ctx->pool,
> > + (void
> > **)ops_processed,
> > + ops_deqd);
> > +
> > + ops_deqd_total += ops_deqd;
> > + } else {
> > + /**
> > + * Count dequeue polls which didn't
> > + * return any processed operations.
> > + * This statistic is mainly relevant
> > + * to hw accelerators.
> > + */
> > + ops_deqd_failed++;
> > + }
> > + } while (ops_enqd_total - ops_deqd_total >
> > + test_burst_size * 8);
> > }
> >
> > /* Dequeue any operations still in the crypto device */
> > --
> > 2.25.1
^ permalink raw reply [flat|nested] 49+ messages in thread
* RE: [EXT] [PATCH 1/8] app/test-crypto-perf: improve dequeue logic
2022-05-16 7:14 ` Gagandeep Singh
@ 2022-05-16 7:26 ` Anoob Joseph
2022-05-16 7:54 ` Gagandeep Singh
0 siblings, 1 reply; 49+ messages in thread
From: Anoob Joseph @ 2022-05-16 7:26 UTC (permalink / raw)
To: Gagandeep Singh; +Cc: Akhil Goyal, dev, Hemant Agrawal
Hi Gagandeep,
Please see inline.
Thanks,
Anoob
> -----Original Message-----
> From: Gagandeep Singh <G.Singh@nxp.com>
> Sent: Monday, May 16, 2022 12:44 PM
> To: Akhil Goyal <gakhil@marvell.com>; dev@dpdk.org; Hemant Agrawal
> <hemant.agrawal@nxp.com>
> Cc: Anoob Joseph <anoobj@marvell.com>
> Subject: RE: [EXT] [PATCH 1/8] app/test-crypto-perf: improve dequeue logic
>
> Hi
>
> > -----Original Message-----
> > From: Akhil Goyal <gakhil@marvell.com>
> > Sent: Friday, May 13, 2022 3:17 PM
> > To: Gagandeep Singh <G.Singh@nxp.com>; dev@dpdk.org; Hemant Agrawal
> > <hemant.agrawal@nxp.com>
> > Cc: Anoob Joseph <anoobj@marvell.com>
> > Subject: RE: [EXT] [PATCH 1/8] app/test-crypto-perf: improve dequeue
> > logic
> >
> > Hi Gagan,
> > > Issue more dequeue commands if the gap between enqueued and dequeued
> > > packets is more than burst size *8
> > >
> > > Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
> > > ---
> > Why is this change required? What gain are we getting?
> > I see a performance drop due to this patch.
>
> Issue is, in case if security engine/driver is slow in processing the Jobs especially
> for larger packet sizes then in that case application will keep enqueuing packets
> with higher rate than dequeue which may results in buffer pool exhaustion.
> Application has option to increase pool size but that may not be Helpful for the
> platforms those with memory constraints.
[Anoob] Can you elaborate the issue that you are hitting?
>
> We can work on limiting the enqueue side instead of keeping the dequeue to
> avoid any performance drop due to any empty dequeue.
[Anoob] Shouldn't PMD take care of limiting the enqueue side? Application can specify the desired queue depth and when application enqueues beyond that, enqueue API can return 0. Wouldn't that good enough?
>
> Dropping this patch from this series. I will update the logic and will try to send as
> separate patch.
>
> >
> > > app/test-crypto-perf/cperf_test_throughput.c | 42
> > > +++++++++++---------
> > > 1 file changed, 23 insertions(+), 19 deletions(-)
> > >
> > > diff --git a/app/test-crypto-perf/cperf_test_throughput.c
> > > b/app/test-crypto- perf/cperf_test_throughput.c index
> > > cecf30e470..5cd8919c91 100644
> > > --- a/app/test-crypto-perf/cperf_test_throughput.c
> > > +++ b/app/test-crypto-perf/cperf_test_throughput.c
> > > @@ -223,26 +223,30 @@ cperf_throughput_test_runner(void *test_ctx)
> > > ops_unused = burst_size - ops_enqd;
> > > ops_enqd_total += ops_enqd;
> > >
> > > -
> > > /* Dequeue processed burst of ops from crypto device
> */
> > > - ops_deqd = rte_cryptodev_dequeue_burst(ctx->dev_id,
> > > ctx->qp_id,
> > > - ops_processed, test_burst_size);
> > > -
> > > - if (likely(ops_deqd)) {
> > > - /* Free crypto ops so they can be reused. */
> > > - rte_mempool_put_bulk(ctx->pool,
> > > - (void **)ops_processed,
> > > ops_deqd);
> > > -
> > > - ops_deqd_total += ops_deqd;
> > > - } else {
> > > - /**
> > > - * Count dequeue polls which didn't return any
> > > - * processed operations. This statistic is mainly
> > > - * relevant to hw accelerators.
> > > - */
> > > - ops_deqd_failed++;
> > > - }
> > > -
> > > + do {
> > > + ops_deqd = rte_cryptodev_dequeue_burst(
> > > + ctx->dev_id, ctx->qp_id,
> > > + ops_processed,
> > > test_burst_size);
> > > +
> > > + if (likely(ops_deqd)) {
> > > + /* Free crypto ops for reuse */
> > > + rte_mempool_put_bulk(ctx->pool,
> > > + (void
> > > **)ops_processed,
> > > + ops_deqd);
> > > +
> > > + ops_deqd_total += ops_deqd;
> > > + } else {
> > > + /**
> > > + * Count dequeue polls which didn't
> > > + * return any processed operations.
> > > + * This statistic is mainly relevant
> > > + * to hw accelerators.
> > > + */
> > > + ops_deqd_failed++;
> > > + }
> > > + } while (ops_enqd_total - ops_deqd_total >
> > > + test_burst_size * 8);
> > > }
> > >
> > > /* Dequeue any operations still in the crypto device */
> > > --
> > > 2.25.1
^ permalink raw reply [flat|nested] 49+ messages in thread
* RE: [EXT] [PATCH 1/8] app/test-crypto-perf: improve dequeue logic
2022-05-16 7:26 ` Anoob Joseph
@ 2022-05-16 7:54 ` Gagandeep Singh
0 siblings, 0 replies; 49+ messages in thread
From: Gagandeep Singh @ 2022-05-16 7:54 UTC (permalink / raw)
To: Anoob Joseph; +Cc: Akhil Goyal, dev, Hemant Agrawal
Hi,
> -----Original Message-----
> From: Anoob Joseph <anoobj@marvell.com>
> Sent: Monday, May 16, 2022 12:57 PM
> To: Gagandeep Singh <G.Singh@nxp.com>
> Cc: Akhil Goyal <gakhil@marvell.com>; dev@dpdk.org; Hemant Agrawal
> <hemant.agrawal@nxp.com>
> Subject: RE: [EXT] [PATCH 1/8] app/test-crypto-perf: improve dequeue logic
>
> Hi Gagandeep,
>
> Please see inline.
>
> Thanks,
> Anoob
>
> > -----Original Message-----
> > From: Gagandeep Singh <G.Singh@nxp.com>
> > Sent: Monday, May 16, 2022 12:44 PM
> > To: Akhil Goyal <gakhil@marvell.com>; dev@dpdk.org; Hemant Agrawal
> > <hemant.agrawal@nxp.com>
> > Cc: Anoob Joseph <anoobj@marvell.com>
> > Subject: RE: [EXT] [PATCH 1/8] app/test-crypto-perf: improve dequeue
> > logic
> >
> > Hi
> >
> > > -----Original Message-----
> > > From: Akhil Goyal <gakhil@marvell.com>
> > > Sent: Friday, May 13, 2022 3:17 PM
> > > To: Gagandeep Singh <G.Singh@nxp.com>; dev@dpdk.org; Hemant Agrawal
> > > <hemant.agrawal@nxp.com>
> > > Cc: Anoob Joseph <anoobj@marvell.com>
> > > Subject: RE: [EXT] [PATCH 1/8] app/test-crypto-perf: improve dequeue
> > > logic
> > >
> > > Hi Gagan,
> > > > Issue more dequeue commands if the gap between enqueued and
> > > > dequeued packets is more than burst size *8
> > > >
> > > > Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
> > > > ---
> > > Why is this change required? What gain are we getting?
> > > I see a performance drop due to this patch.
> >
> > Issue is, in case if security engine/driver is slow in processing the
> > Jobs especially for larger packet sizes then in that case application
> > will keep enqueuing packets with higher rate than dequeue which may results
> in buffer pool exhaustion.
> > Application has option to increase pool size but that may not be
> > Helpful for the platforms those with memory constraints.
>
> [Anoob] Can you elaborate the issue that you are hitting?
>
> >
> > We can work on limiting the enqueue side instead of keeping the
> > dequeue to avoid any performance drop due to any empty dequeue.
>
> [Anoob] Shouldn't PMD take care of limiting the enqueue side? Application can
> specify the desired queue depth and when application enqueues beyond that,
> enqueue API can return 0. Wouldn't that good enough?
Agree. Unfortunately, Currently In the NXP platform drivers like dpaa_sec, caam_jr
not using the API's given queue depth. This is what I will discuss internally to support
this in the PMDs itself to limit the enqueue, if we can do so without impacting
the NXP's PMDs performance.
> >
> > Dropping this patch from this series. I will update the logic and will
> > try to send as separate patch.
> >
> > >
> > > > app/test-crypto-perf/cperf_test_throughput.c | 42
> > > > +++++++++++---------
> > > > 1 file changed, 23 insertions(+), 19 deletions(-)
> > > >
> > > > diff --git a/app/test-crypto-perf/cperf_test_throughput.c
> > > > b/app/test-crypto- perf/cperf_test_throughput.c index
> > > > cecf30e470..5cd8919c91 100644
> > > > --- a/app/test-crypto-perf/cperf_test_throughput.c
> > > > +++ b/app/test-crypto-perf/cperf_test_throughput.c
> > > > @@ -223,26 +223,30 @@ cperf_throughput_test_runner(void *test_ctx)
> > > > ops_unused = burst_size - ops_enqd;
> > > > ops_enqd_total += ops_enqd;
> > > >
> > > > -
> > > > /* Dequeue processed burst of ops from crypto device
> > */
> > > > - ops_deqd = rte_cryptodev_dequeue_burst(ctx->dev_id,
> > > > ctx->qp_id,
> > > > - ops_processed, test_burst_size);
> > > > -
> > > > - if (likely(ops_deqd)) {
> > > > - /* Free crypto ops so they can be reused. */
> > > > - rte_mempool_put_bulk(ctx->pool,
> > > > - (void **)ops_processed,
> > > > ops_deqd);
> > > > -
> > > > - ops_deqd_total += ops_deqd;
> > > > - } else {
> > > > - /**
> > > > - * Count dequeue polls which didn't return any
> > > > - * processed operations. This statistic is mainly
> > > > - * relevant to hw accelerators.
> > > > - */
> > > > - ops_deqd_failed++;
> > > > - }
> > > > -
> > > > + do {
> > > > + ops_deqd = rte_cryptodev_dequeue_burst(
> > > > + ctx->dev_id, ctx->qp_id,
> > > > + ops_processed,
> > > > test_burst_size);
> > > > +
> > > > + if (likely(ops_deqd)) {
> > > > + /* Free crypto ops for reuse */
> > > > + rte_mempool_put_bulk(ctx->pool,
> > > > + (void
> > > > **)ops_processed,
> > > > + ops_deqd);
> > > > +
> > > > + ops_deqd_total += ops_deqd;
> > > > + } else {
> > > > + /**
> > > > + * Count dequeue polls which didn't
> > > > + * return any processed operations.
> > > > + * This statistic is mainly relevant
> > > > + * to hw accelerators.
> > > > + */
> > > > + ops_deqd_failed++;
> > > > + }
> > > > + } while (ops_enqd_total - ops_deqd_total >
> > > > + test_burst_size * 8);
> > > > }
> > > >
> > > > /* Dequeue any operations still in the crypto device */
> > > > --
> > > > 2.25.1
^ permalink raw reply [flat|nested] 49+ messages in thread
* [PATCH v2 0/7] Crypto related changes in sample/test apps
2022-04-25 4:14 [PATCH 1/8] app/test-crypto-perf: improve dequeue logic Gagandeep Singh
` (7 preceding siblings ...)
2022-05-13 9:46 ` [EXT] [PATCH 1/8] app/test-crypto-perf: improve dequeue logic Akhil Goyal
@ 2022-05-17 3:38 ` Gagandeep Singh
2022-05-17 3:38 ` [PATCH v2 1/7] app/test-crypto-perf: support SDAP for PDCP operations Gagandeep Singh
` (6 more replies)
8 siblings, 7 replies; 49+ messages in thread
From: Gagandeep Singh @ 2022-05-17 3:38 UTC (permalink / raw)
To: gakhil, dev; +Cc: Gagandeep Singh
v2-change-log:
* dropped qeueue improve logic in crypto-perf app patch
* removed external buffer patch in this series.
* update documentation.
Gagandeep Singh (7):
app/test-crypto-perf: support SDAP for PDCP operations
examples/ipsec-secgw: support XCBC-MAC/DES-CBC
examples/l2fwd-crypto: add signal handler for exit
test/crypto: fix PMD name for dpaa raw buffer crypto driver
test/crypto: support raw buffer APIs for PDCP
test/crypto: add short MAC-I test vector for zuc
doc: add missing authentication algorithm
app/test-crypto-perf/cperf_ops.c | 1 +
app/test-crypto-perf/cperf_options.h | 2 ++
app/test-crypto-perf/cperf_options_parsing.c | 12 ++++++++++
app/test/test_cryptodev.c | 24 ++++++++++++++++---
...est_cryptodev_security_pdcp_test_vectors.h | 20 ++++++++++++++--
doc/guides/sample_app_ug/ipsec_secgw.rst | 8 +++++--
doc/guides/tools/cryptoperf.rst | 4 ++++
examples/ipsec-secgw/esp.c | 5 ++++
examples/ipsec-secgw/sa.c | 8 +++++++
examples/l2fwd-crypto/main.c | 16 +++++++++++++
10 files changed, 93 insertions(+), 7 deletions(-)
--
2.25.1
^ permalink raw reply [flat|nested] 49+ messages in thread
* [PATCH v2 1/7] app/test-crypto-perf: support SDAP for PDCP operations
2022-05-17 3:38 ` [PATCH v2 0/7] Crypto related changes in sample/test apps Gagandeep Singh
@ 2022-05-17 3:38 ` Gagandeep Singh
2022-05-20 4:20 ` [PATCH v3 0/7] Crypto related changes in sample/test apps Gagandeep Singh
2022-05-17 3:38 ` [PATCH v2 2/7] examples/ipsec-secgw: support XCBC-MAC/DES-CBC Gagandeep Singh
` (5 subsequent siblings)
6 siblings, 1 reply; 49+ messages in thread
From: Gagandeep Singh @ 2022-05-17 3:38 UTC (permalink / raw)
To: gakhil, dev; +Cc: Gagandeep Singh
Add a command line option "--enable-sdap" to enable
Service Data Adaptation Protocol.
example command:
./dpdk-test-crypto-perf -c 0xc --log-level=8 --
--devtype crypto_dpaa2_sec --optype pdcp --cipher-algo aes-ctr
--cipher-op encrypt --auth-algo zuc-eia3 --auth-op generate
--auth-key-sz 16 --ptest throughput --total-ops 100000 --burst-sz 64
--buffer-sz 64,390,1512 --pool-sz 4096 --silent --pdcp-sn-sz 12
--pdcp-domain control --enable-sdap
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
app/test-crypto-perf/cperf_ops.c | 1 +
app/test-crypto-perf/cperf_options.h | 2 ++
app/test-crypto-perf/cperf_options_parsing.c | 12 ++++++++++++
doc/guides/tools/cryptoperf.rst | 4 ++++
4 files changed, 19 insertions(+)
diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c
index cbefce8d6c..4295656a0b 100644
--- a/app/test-crypto-perf/cperf_ops.c
+++ b/app/test-crypto-perf/cperf_ops.c
@@ -861,6 +861,7 @@ cperf_create_session(struct rte_mempool *sess_mp,
.hfn = options->pdcp_ses_hfn_en ?
PDCP_DEFAULT_HFN : 0,
.hfn_threshold = 0x70C0A,
+ .sdap_enabled = options->pdcp_sdap,
.hfn_ovrd = !(options->pdcp_ses_hfn_en),
} },
.crypto_xform = &cipher_xform
diff --git a/app/test-crypto-perf/cperf_options.h b/app/test-crypto-perf/cperf_options.h
index 09caefde22..613d6d31e2 100644
--- a/app/test-crypto-perf/cperf_options.h
+++ b/app/test-crypto-perf/cperf_options.h
@@ -14,6 +14,7 @@
#define CPERF_PTEST_TYPE ("ptest")
#define CPERF_MODEX_LEN ("modex-len")
#define CPERF_SILENT ("silent")
+#define CPERF_ENABLE_SDAP ("enable-sdap")
#define CPERF_POOL_SIZE ("pool-sz")
#define CPERF_TOTAL_OPS ("total-ops")
@@ -129,6 +130,7 @@ struct cperf_options {
#ifdef RTE_LIB_SECURITY
uint16_t pdcp_sn_sz;
uint16_t pdcp_ses_hfn_en;
+ uint16_t pdcp_sdap;
enum rte_security_pdcp_domain pdcp_domain;
uint16_t docsis_hdr_sz;
#endif
diff --git a/app/test-crypto-perf/cperf_options_parsing.c b/app/test-crypto-perf/cperf_options_parsing.c
index 09c98121c8..28680347f1 100644
--- a/app/test-crypto-perf/cperf_options_parsing.c
+++ b/app/test-crypto-perf/cperf_options_parsing.c
@@ -64,6 +64,7 @@ usage(char *progname)
" --pdcp-sn-sz N: set PDCP SN size N <5/7/12/15/18>\n"
" --pdcp-domain DOMAIN: set PDCP domain <control/user>\n"
" --pdcp-ses-hfn-en: enable session based fixed HFN\n"
+ " --enable-sdap: enable sdap\n"
" --docsis-hdr-sz: set DOCSIS header size\n"
#endif
" -h: prints this help\n",
@@ -548,6 +549,15 @@ parse_silent(struct cperf_options *opts,
return 0;
}
+static int
+parse_enable_sdap(struct cperf_options *opts,
+ const char *arg __rte_unused)
+{
+ opts->pdcp_sdap = 1;
+
+ return 0;
+}
+
static int
parse_cipher_algo(struct cperf_options *opts, const char *arg)
{
@@ -879,6 +889,7 @@ static struct option lgopts[] = {
{ CPERF_PDCP_SN_SZ, required_argument, 0, 0 },
{ CPERF_PDCP_DOMAIN, required_argument, 0, 0 },
{ CPERF_PDCP_SES_HFN_EN, no_argument, 0, 0 },
+ { CPERF_ENABLE_SDAP, no_argument, 0, 0 },
{ CPERF_DOCSIS_HDR_SZ, required_argument, 0, 0 },
#endif
{ CPERF_CSV, no_argument, 0, 0},
@@ -994,6 +1005,7 @@ cperf_opts_parse_long(int opt_idx, struct cperf_options *opts)
{ CPERF_PDCP_SN_SZ, parse_pdcp_sn_sz },
{ CPERF_PDCP_DOMAIN, parse_pdcp_domain },
{ CPERF_PDCP_SES_HFN_EN, parse_pdcp_ses_hfn_en },
+ { CPERF_ENABLE_SDAP, parse_enable_sdap },
{ CPERF_DOCSIS_HDR_SZ, parse_docsis_hdr_sz },
#endif
{ CPERF_CSV, parse_csv_friendly},
diff --git a/doc/guides/tools/cryptoperf.rst b/doc/guides/tools/cryptoperf.rst
index cf3b147213..c77e253417 100644
--- a/doc/guides/tools/cryptoperf.rst
+++ b/doc/guides/tools/cryptoperf.rst
@@ -332,6 +332,10 @@ The following are the application command-line options:
Enable fixed session based HFN instead of per packet HFN.
+* ``--enable-sdap``
+
+ Enable Service Data Adaptation Protocol.
+
* ``--modex-len <n>``
Set modex length for asymmetric crypto perf test.
--
2.25.1
^ permalink raw reply [flat|nested] 49+ messages in thread
* [PATCH v3 0/7] Crypto related changes in sample/test apps
2022-05-17 3:38 ` [PATCH v2 1/7] app/test-crypto-perf: support SDAP for PDCP operations Gagandeep Singh
@ 2022-05-20 4:20 ` Gagandeep Singh
2022-05-20 4:20 ` [PATCH v3 1/7] app/test-crypto-perf: support SDAP for PDCP operations Gagandeep Singh
` (6 more replies)
0 siblings, 7 replies; 49+ messages in thread
From: Gagandeep Singh @ 2022-05-20 4:20 UTC (permalink / raw)
To: gakhil, dev; +Cc: Gagandeep Singh
v2-change-log:
* dropped qeueue improve logic in crypto-perf app patch
* removed external buffer patch in this series.
* update documentation.
v3-change-log:
* update signal handler's variable in l2fwd-crypto
Gagandeep Singh (7):
app/test-crypto-perf: support SDAP for PDCP operations
examples/ipsec-secgw: support XCBC-MAC/DES-CBC
examples/l2fwd-crypto: add signal handler for exit
test/crypto: fix PMD name for dpaa raw buffer crypto driver
test/crypto: support raw buffer APIs for PDCP
test/crypto: add short MAC-I test vector for zuc
doc: add missing authentication algorithm
app/test-crypto-perf/cperf_ops.c | 1 +
app/test-crypto-perf/cperf_options.h | 2 ++
app/test-crypto-perf/cperf_options_parsing.c | 12 ++++++++++
app/test/test_cryptodev.c | 24 ++++++++++++++++---
...est_cryptodev_security_pdcp_test_vectors.h | 20 ++++++++++++++--
doc/guides/sample_app_ug/ipsec_secgw.rst | 8 +++++--
doc/guides/tools/cryptoperf.rst | 4 ++++
examples/ipsec-secgw/esp.c | 5 ++++
examples/ipsec-secgw/sa.c | 8 +++++++
examples/l2fwd-crypto/main.c | 16 +++++++++++++
10 files changed, 93 insertions(+), 7 deletions(-)
--
2.25.1
^ permalink raw reply [flat|nested] 49+ messages in thread
* [PATCH v3 1/7] app/test-crypto-perf: support SDAP for PDCP operations
2022-05-20 4:20 ` [PATCH v3 0/7] Crypto related changes in sample/test apps Gagandeep Singh
@ 2022-05-20 4:20 ` Gagandeep Singh
2022-05-26 13:52 ` [EXT] " Akhil Goyal
2022-06-06 4:00 ` [PATCH v4] " Gagandeep Singh
2022-05-20 4:20 ` [PATCH v3 2/7] examples/ipsec-secgw: support XCBC-MAC/DES-CBC Gagandeep Singh
` (5 subsequent siblings)
6 siblings, 2 replies; 49+ messages in thread
From: Gagandeep Singh @ 2022-05-20 4:20 UTC (permalink / raw)
To: gakhil, dev; +Cc: Gagandeep Singh
Add a command line option "--enable-sdap" to enable
Service Data Adaptation Protocol.
example command:
./dpdk-test-crypto-perf -c 0xc --log-level=8 --
--devtype crypto_dpaa2_sec --optype pdcp --cipher-algo aes-ctr
--cipher-op encrypt --auth-algo zuc-eia3 --auth-op generate
--auth-key-sz 16 --ptest throughput --total-ops 100000 --burst-sz 64
--buffer-sz 64,390,1512 --pool-sz 4096 --silent --pdcp-sn-sz 12
--pdcp-domain control --enable-sdap
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
app/test-crypto-perf/cperf_ops.c | 1 +
app/test-crypto-perf/cperf_options.h | 2 ++
app/test-crypto-perf/cperf_options_parsing.c | 12 ++++++++++++
doc/guides/tools/cryptoperf.rst | 4 ++++
4 files changed, 19 insertions(+)
diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c
index cbefce8d6c..4295656a0b 100644
--- a/app/test-crypto-perf/cperf_ops.c
+++ b/app/test-crypto-perf/cperf_ops.c
@@ -861,6 +861,7 @@ cperf_create_session(struct rte_mempool *sess_mp,
.hfn = options->pdcp_ses_hfn_en ?
PDCP_DEFAULT_HFN : 0,
.hfn_threshold = 0x70C0A,
+ .sdap_enabled = options->pdcp_sdap,
.hfn_ovrd = !(options->pdcp_ses_hfn_en),
} },
.crypto_xform = &cipher_xform
diff --git a/app/test-crypto-perf/cperf_options.h b/app/test-crypto-perf/cperf_options.h
index 09caefde22..613d6d31e2 100644
--- a/app/test-crypto-perf/cperf_options.h
+++ b/app/test-crypto-perf/cperf_options.h
@@ -14,6 +14,7 @@
#define CPERF_PTEST_TYPE ("ptest")
#define CPERF_MODEX_LEN ("modex-len")
#define CPERF_SILENT ("silent")
+#define CPERF_ENABLE_SDAP ("enable-sdap")
#define CPERF_POOL_SIZE ("pool-sz")
#define CPERF_TOTAL_OPS ("total-ops")
@@ -129,6 +130,7 @@ struct cperf_options {
#ifdef RTE_LIB_SECURITY
uint16_t pdcp_sn_sz;
uint16_t pdcp_ses_hfn_en;
+ uint16_t pdcp_sdap;
enum rte_security_pdcp_domain pdcp_domain;
uint16_t docsis_hdr_sz;
#endif
diff --git a/app/test-crypto-perf/cperf_options_parsing.c b/app/test-crypto-perf/cperf_options_parsing.c
index 09c98121c8..28680347f1 100644
--- a/app/test-crypto-perf/cperf_options_parsing.c
+++ b/app/test-crypto-perf/cperf_options_parsing.c
@@ -64,6 +64,7 @@ usage(char *progname)
" --pdcp-sn-sz N: set PDCP SN size N <5/7/12/15/18>\n"
" --pdcp-domain DOMAIN: set PDCP domain <control/user>\n"
" --pdcp-ses-hfn-en: enable session based fixed HFN\n"
+ " --enable-sdap: enable sdap\n"
" --docsis-hdr-sz: set DOCSIS header size\n"
#endif
" -h: prints this help\n",
@@ -548,6 +549,15 @@ parse_silent(struct cperf_options *opts,
return 0;
}
+static int
+parse_enable_sdap(struct cperf_options *opts,
+ const char *arg __rte_unused)
+{
+ opts->pdcp_sdap = 1;
+
+ return 0;
+}
+
static int
parse_cipher_algo(struct cperf_options *opts, const char *arg)
{
@@ -879,6 +889,7 @@ static struct option lgopts[] = {
{ CPERF_PDCP_SN_SZ, required_argument, 0, 0 },
{ CPERF_PDCP_DOMAIN, required_argument, 0, 0 },
{ CPERF_PDCP_SES_HFN_EN, no_argument, 0, 0 },
+ { CPERF_ENABLE_SDAP, no_argument, 0, 0 },
{ CPERF_DOCSIS_HDR_SZ, required_argument, 0, 0 },
#endif
{ CPERF_CSV, no_argument, 0, 0},
@@ -994,6 +1005,7 @@ cperf_opts_parse_long(int opt_idx, struct cperf_options *opts)
{ CPERF_PDCP_SN_SZ, parse_pdcp_sn_sz },
{ CPERF_PDCP_DOMAIN, parse_pdcp_domain },
{ CPERF_PDCP_SES_HFN_EN, parse_pdcp_ses_hfn_en },
+ { CPERF_ENABLE_SDAP, parse_enable_sdap },
{ CPERF_DOCSIS_HDR_SZ, parse_docsis_hdr_sz },
#endif
{ CPERF_CSV, parse_csv_friendly},
diff --git a/doc/guides/tools/cryptoperf.rst b/doc/guides/tools/cryptoperf.rst
index cf3b147213..c77e253417 100644
--- a/doc/guides/tools/cryptoperf.rst
+++ b/doc/guides/tools/cryptoperf.rst
@@ -332,6 +332,10 @@ The following are the application command-line options:
Enable fixed session based HFN instead of per packet HFN.
+* ``--enable-sdap``
+
+ Enable Service Data Adaptation Protocol.
+
* ``--modex-len <n>``
Set modex length for asymmetric crypto perf test.
--
2.25.1
^ permalink raw reply [flat|nested] 49+ messages in thread
* RE: [EXT] [PATCH v3 1/7] app/test-crypto-perf: support SDAP for PDCP operations
2022-05-20 4:20 ` [PATCH v3 1/7] app/test-crypto-perf: support SDAP for PDCP operations Gagandeep Singh
@ 2022-05-26 13:52 ` Akhil Goyal
2022-05-30 4:31 ` Gagandeep Singh
2022-06-06 4:00 ` [PATCH v4] " Gagandeep Singh
1 sibling, 1 reply; 49+ messages in thread
From: Akhil Goyal @ 2022-05-26 13:52 UTC (permalink / raw)
To: Gagandeep Singh, dev
> Add a command line option "--enable-sdap" to enable
> Service Data Adaptation Protocol.
>
> example command:
> ./dpdk-test-crypto-perf -c 0xc --log-level=8 --
> --devtype crypto_dpaa2_sec --optype pdcp --cipher-algo aes-ctr
> --cipher-op encrypt --auth-algo zuc-eia3 --auth-op generate
> --auth-key-sz 16 --ptest throughput --total-ops 100000 --burst-sz 64
> --buffer-sz 64,390,1512 --pool-sz 4096 --silent --pdcp-sn-sz 12
> --pdcp-domain control --enable-sdap
>
> Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
> ---
> app/test-crypto-perf/cperf_ops.c | 1 +
> app/test-crypto-perf/cperf_options.h | 2 ++
> app/test-crypto-perf/cperf_options_parsing.c | 12 ++++++++++++
> doc/guides/tools/cryptoperf.rst | 4 ++++
> 4 files changed, 19 insertions(+)
>
> diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c
> index cbefce8d6c..4295656a0b 100644
> --- a/app/test-crypto-perf/cperf_ops.c
> +++ b/app/test-crypto-perf/cperf_ops.c
> @@ -861,6 +861,7 @@ cperf_create_session(struct rte_mempool *sess_mp,
> .hfn = options->pdcp_ses_hfn_en ?
> PDCP_DEFAULT_HFN : 0,
> .hfn_threshold = 0x70C0A,
> + .sdap_enabled = options->pdcp_sdap,
> .hfn_ovrd = !(options->pdcp_ses_hfn_en),
> } },
> .crypto_xform = &cipher_xform
> diff --git a/app/test-crypto-perf/cperf_options.h b/app/test-crypto-
> perf/cperf_options.h
> index 09caefde22..613d6d31e2 100644
> --- a/app/test-crypto-perf/cperf_options.h
> +++ b/app/test-crypto-perf/cperf_options.h
> @@ -14,6 +14,7 @@
> #define CPERF_PTEST_TYPE ("ptest")
> #define CPERF_MODEX_LEN ("modex-len")
> #define CPERF_SILENT ("silent")
> +#define CPERF_ENABLE_SDAP ("enable-sdap")
>
> #define CPERF_POOL_SIZE ("pool-sz")
> #define CPERF_TOTAL_OPS ("total-ops")
> @@ -129,6 +130,7 @@ struct cperf_options {
> #ifdef RTE_LIB_SECURITY
> uint16_t pdcp_sn_sz;
> uint16_t pdcp_ses_hfn_en;
> + uint16_t pdcp_sdap;
> enum rte_security_pdcp_domain pdcp_domain;
> uint16_t docsis_hdr_sz;
> #endif
> diff --git a/app/test-crypto-perf/cperf_options_parsing.c b/app/test-crypto-
> perf/cperf_options_parsing.c
> index 09c98121c8..28680347f1 100644
> --- a/app/test-crypto-perf/cperf_options_parsing.c
> +++ b/app/test-crypto-perf/cperf_options_parsing.c
> @@ -64,6 +64,7 @@ usage(char *progname)
> " --pdcp-sn-sz N: set PDCP SN size N <5/7/12/15/18>\n"
> " --pdcp-domain DOMAIN: set PDCP domain <control/user>\n"
> " --pdcp-ses-hfn-en: enable session based fixed HFN\n"
> + " --enable-sdap: enable sdap\n"
> " --docsis-hdr-sz: set DOCSIS header size\n"
> #endif
> " -h: prints this help\n",
> @@ -548,6 +549,15 @@ parse_silent(struct cperf_options *opts,
> return 0;
> }
>
> +static int
> +parse_enable_sdap(struct cperf_options *opts,
> + const char *arg __rte_unused)
> +{
> + opts->pdcp_sdap = 1;
> +
> + return 0;
> +}
You should also set a default value of this flag.
^ permalink raw reply [flat|nested] 49+ messages in thread
* RE: [EXT] [PATCH v3 1/7] app/test-crypto-perf: support SDAP for PDCP operations
2022-05-26 13:52 ` [EXT] " Akhil Goyal
@ 2022-05-30 4:31 ` Gagandeep Singh
2022-05-30 6:04 ` Akhil Goyal
0 siblings, 1 reply; 49+ messages in thread
From: Gagandeep Singh @ 2022-05-30 4:31 UTC (permalink / raw)
To: Akhil Goyal, dev
Hi,
> -----Original Message-----
> From: Akhil Goyal <gakhil@marvell.com>
> Sent: Thursday, May 26, 2022 7:23 PM
> To: Gagandeep Singh <G.Singh@nxp.com>; dev@dpdk.org
> Subject: RE: [EXT] [PATCH v3 1/7] app/test-crypto-perf: support SDAP for PDCP
> operations
>
> > Add a command line option "--enable-sdap" to enable Service Data
> > Adaptation Protocol.
> >
> > example command:
> > ./dpdk-test-crypto-perf -c 0xc --log-level=8 -- --devtype
> > crypto_dpaa2_sec --optype pdcp --cipher-algo aes-ctr --cipher-op
> > encrypt --auth-algo zuc-eia3 --auth-op generate --auth-key-sz 16
> > --ptest throughput --total-ops 100000 --burst-sz 64 --buffer-sz
> > 64,390,1512 --pool-sz 4096 --silent --pdcp-sn-sz 12 --pdcp-domain
> > control --enable-sdap
> >
> > Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
> > ---
> > app/test-crypto-perf/cperf_ops.c | 1 +
> > app/test-crypto-perf/cperf_options.h | 2 ++
> > app/test-crypto-perf/cperf_options_parsing.c | 12 ++++++++++++
> > doc/guides/tools/cryptoperf.rst | 4 ++++
> > 4 files changed, 19 insertions(+)
> >
> > diff --git a/app/test-crypto-perf/cperf_ops.c
> > b/app/test-crypto-perf/cperf_ops.c
> > index cbefce8d6c..4295656a0b 100644
> > --- a/app/test-crypto-perf/cperf_ops.c
> > +++ b/app/test-crypto-perf/cperf_ops.c
> > @@ -861,6 +861,7 @@ cperf_create_session(struct rte_mempool *sess_mp,
> > .hfn = options->pdcp_ses_hfn_en ?
> > PDCP_DEFAULT_HFN : 0,
> > .hfn_threshold = 0x70C0A,
> > + .sdap_enabled = options->pdcp_sdap,
> > .hfn_ovrd = !(options->pdcp_ses_hfn_en),
> > } },
> > .crypto_xform = &cipher_xform
> > diff --git a/app/test-crypto-perf/cperf_options.h b/app/test-crypto-
> > perf/cperf_options.h index 09caefde22..613d6d31e2 100644
> > --- a/app/test-crypto-perf/cperf_options.h
> > +++ b/app/test-crypto-perf/cperf_options.h
> > @@ -14,6 +14,7 @@
> > #define CPERF_PTEST_TYPE ("ptest")
> > #define CPERF_MODEX_LEN ("modex-len")
> > #define CPERF_SILENT ("silent")
> > +#define CPERF_ENABLE_SDAP ("enable-sdap")
> >
> > #define CPERF_POOL_SIZE ("pool-sz")
> > #define CPERF_TOTAL_OPS ("total-ops")
> > @@ -129,6 +130,7 @@ struct cperf_options { #ifdef RTE_LIB_SECURITY
> > uint16_t pdcp_sn_sz;
> > uint16_t pdcp_ses_hfn_en;
> > + uint16_t pdcp_sdap;
> > enum rte_security_pdcp_domain pdcp_domain;
> > uint16_t docsis_hdr_sz;
> > #endif
> > diff --git a/app/test-crypto-perf/cperf_options_parsing.c
> > b/app/test-crypto- perf/cperf_options_parsing.c index
> > 09c98121c8..28680347f1 100644
> > --- a/app/test-crypto-perf/cperf_options_parsing.c
> > +++ b/app/test-crypto-perf/cperf_options_parsing.c
> > @@ -64,6 +64,7 @@ usage(char *progname)
> > " --pdcp-sn-sz N: set PDCP SN size N <5/7/12/15/18>\n"
> > " --pdcp-domain DOMAIN: set PDCP domain <control/user>\n"
> > " --pdcp-ses-hfn-en: enable session based fixed HFN\n"
> > + " --enable-sdap: enable sdap\n"
> > " --docsis-hdr-sz: set DOCSIS header size\n"
> > #endif
> > " -h: prints this help\n",
> > @@ -548,6 +549,15 @@ parse_silent(struct cperf_options *opts,
> > return 0;
> > }
> >
> > +static int
> > +parse_enable_sdap(struct cperf_options *opts,
> > + const char *arg __rte_unused)
> > +{
> > + opts->pdcp_sdap = 1;
> > +
> > + return 0;
> > +}
>
> You should also set a default value of this flag.
Default functionality is disable SDAP. Application is defining the cperf options with all values 0s in its main(): "struct cperf_options opts = {0};". Is n't it sufficient?
^ permalink raw reply [flat|nested] 49+ messages in thread
* RE: [EXT] [PATCH v3 1/7] app/test-crypto-perf: support SDAP for PDCP operations
2022-05-30 4:31 ` Gagandeep Singh
@ 2022-05-30 6:04 ` Akhil Goyal
2022-05-31 18:14 ` Akhil Goyal
0 siblings, 1 reply; 49+ messages in thread
From: Akhil Goyal @ 2022-05-30 6:04 UTC (permalink / raw)
To: Gagandeep Singh, dev
> > > Add a command line option "--enable-sdap" to enable Service Data
> > > Adaptation Protocol.
> > >
> > > example command:
> > > ./dpdk-test-crypto-perf -c 0xc --log-level=8 -- --devtype
> > > crypto_dpaa2_sec --optype pdcp --cipher-algo aes-ctr --cipher-op
> > > encrypt --auth-algo zuc-eia3 --auth-op generate --auth-key-sz 16
> > > --ptest throughput --total-ops 100000 --burst-sz 64 --buffer-sz
> > > 64,390,1512 --pool-sz 4096 --silent --pdcp-sn-sz 12 --pdcp-domain
> > > control --enable-sdap
> > >
> > > Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
> > > ---
> > > app/test-crypto-perf/cperf_ops.c | 1 +
> > > app/test-crypto-perf/cperf_options.h | 2 ++
> > > app/test-crypto-perf/cperf_options_parsing.c | 12 ++++++++++++
> > > doc/guides/tools/cryptoperf.rst | 4 ++++
> > > 4 files changed, 19 insertions(+)
> > >
> > > diff --git a/app/test-crypto-perf/cperf_ops.c
> > > b/app/test-crypto-perf/cperf_ops.c
> > > index cbefce8d6c..4295656a0b 100644
> > > --- a/app/test-crypto-perf/cperf_ops.c
> > > +++ b/app/test-crypto-perf/cperf_ops.c
> > > @@ -861,6 +861,7 @@ cperf_create_session(struct rte_mempool
> *sess_mp,
> > > .hfn = options->pdcp_ses_hfn_en ?
> > > PDCP_DEFAULT_HFN : 0,
> > > .hfn_threshold = 0x70C0A,
> > > + .sdap_enabled = options->pdcp_sdap,
> > > .hfn_ovrd = !(options->pdcp_ses_hfn_en),
> > > } },
> > > .crypto_xform = &cipher_xform
> > > diff --git a/app/test-crypto-perf/cperf_options.h b/app/test-crypto-
> > > perf/cperf_options.h index 09caefde22..613d6d31e2 100644
> > > --- a/app/test-crypto-perf/cperf_options.h
> > > +++ b/app/test-crypto-perf/cperf_options.h
> > > @@ -14,6 +14,7 @@
> > > #define CPERF_PTEST_TYPE ("ptest")
> > > #define CPERF_MODEX_LEN ("modex-len")
> > > #define CPERF_SILENT ("silent")
> > > +#define CPERF_ENABLE_SDAP ("enable-sdap")
> > >
> > > #define CPERF_POOL_SIZE ("pool-sz")
> > > #define CPERF_TOTAL_OPS ("total-ops")
> > > @@ -129,6 +130,7 @@ struct cperf_options { #ifdef RTE_LIB_SECURITY
> > > uint16_t pdcp_sn_sz;
> > > uint16_t pdcp_ses_hfn_en;
> > > + uint16_t pdcp_sdap;
> > > enum rte_security_pdcp_domain pdcp_domain;
> > > uint16_t docsis_hdr_sz;
> > > #endif
> > > diff --git a/app/test-crypto-perf/cperf_options_parsing.c
> > > b/app/test-crypto- perf/cperf_options_parsing.c index
> > > 09c98121c8..28680347f1 100644
> > > --- a/app/test-crypto-perf/cperf_options_parsing.c
> > > +++ b/app/test-crypto-perf/cperf_options_parsing.c
> > > @@ -64,6 +64,7 @@ usage(char *progname)
> > > " --pdcp-sn-sz N: set PDCP SN size N <5/7/12/15/18>\n"
> > > " --pdcp-domain DOMAIN: set PDCP domain <control/user>\n"
> > > " --pdcp-ses-hfn-en: enable session based fixed HFN\n"
> > > + " --enable-sdap: enable sdap\n"
> > > " --docsis-hdr-sz: set DOCSIS header size\n"
> > > #endif
> > > " -h: prints this help\n",
> > > @@ -548,6 +549,15 @@ parse_silent(struct cperf_options *opts,
> > > return 0;
> > > }
> > >
> > > +static int
> > > +parse_enable_sdap(struct cperf_options *opts,
> > > + const char *arg __rte_unused)
> > > +{
> > > + opts->pdcp_sdap = 1;
> > > +
> > > + return 0;
> > > +}
> >
> > You should also set a default value of this flag.
>
> Default functionality is disable SDAP. Application is defining the cperf options
> with all values 0s in its main(): "struct cperf_options opts = {0};". Is n't it
> sufficient?
It would be good to initialize that with other options. It will help in debugging and
Improve code readability.
Please add it in cperf_options_default() as it is done for other PDCP options.
^ permalink raw reply [flat|nested] 49+ messages in thread
* RE: [EXT] [PATCH v3 1/7] app/test-crypto-perf: support SDAP for PDCP operations
2022-05-30 6:04 ` Akhil Goyal
@ 2022-05-31 18:14 ` Akhil Goyal
0 siblings, 0 replies; 49+ messages in thread
From: Akhil Goyal @ 2022-05-31 18:14 UTC (permalink / raw)
To: Akhil Goyal, Gagandeep Singh, dev
> > > You should also set a default value of this flag.
> >
> > Default functionality is disable SDAP. Application is defining the cperf options
> > with all values 0s in its main(): "struct cperf_options opts = {0};". Is n't it
> > sufficient?
> It would be good to initialize that with other options. It will help in debugging
> and
> Improve code readability.
> Please add it in cperf_options_default() as it is done for other PDCP options.
>
Please send v4 of this patch as standalone patch. The rest of the patches have been
Applied to dpdk-next-crypto
Thanks.
^ permalink raw reply [flat|nested] 49+ messages in thread
* [PATCH v4] app/test-crypto-perf: support SDAP for PDCP operations
2022-05-20 4:20 ` [PATCH v3 1/7] app/test-crypto-perf: support SDAP for PDCP operations Gagandeep Singh
2022-05-26 13:52 ` [EXT] " Akhil Goyal
@ 2022-06-06 4:00 ` Gagandeep Singh
2022-06-15 16:06 ` [EXT] " Akhil Goyal
1 sibling, 1 reply; 49+ messages in thread
From: Gagandeep Singh @ 2022-06-06 4:00 UTC (permalink / raw)
To: gakhil, dev; +Cc: Gagandeep Singh
Add a command line option "--enable-sdap" to enable
Service Data Adaptation Protocol.
example command:
./dpdk-test-crypto-perf -c 0xc --log-level=8 --
--devtype crypto_dpaa2_sec --optype pdcp --cipher-algo aes-ctr
--cipher-op encrypt --auth-algo zuc-eia3 --auth-op generate
--auth-key-sz 16 --ptest throughput --total-ops 100000 --burst-sz 64
--buffer-sz 64,390,1512 --pool-sz 4096 --silent --pdcp-sn-sz 12
--pdcp-domain control --enable-sdap
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
v2-change-log:
* dropped qeueue improve logic in crypto-perf app patch
* removed external buffer patch in this series.
* update documentation.
v3-change-log:
* update signal handler's variable in l2fwd-crypto
v4-change-log:
* added default value for sdap option.
* Sending standalone patch as all other patches
have been applied.
---
app/test-crypto-perf/cperf_ops.c | 1 +
app/test-crypto-perf/cperf_options.h | 2 ++
app/test-crypto-perf/cperf_options_parsing.c | 13 +++++++++++++
doc/guides/tools/cryptoperf.rst | 4 ++++
4 files changed, 20 insertions(+)
diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c
index cbefce8d6c..4295656a0b 100644
--- a/app/test-crypto-perf/cperf_ops.c
+++ b/app/test-crypto-perf/cperf_ops.c
@@ -861,6 +861,7 @@ cperf_create_session(struct rte_mempool *sess_mp,
.hfn = options->pdcp_ses_hfn_en ?
PDCP_DEFAULT_HFN : 0,
.hfn_threshold = 0x70C0A,
+ .sdap_enabled = options->pdcp_sdap,
.hfn_ovrd = !(options->pdcp_ses_hfn_en),
} },
.crypto_xform = &cipher_xform
diff --git a/app/test-crypto-perf/cperf_options.h b/app/test-crypto-perf/cperf_options.h
index 09caefde22..613d6d31e2 100644
--- a/app/test-crypto-perf/cperf_options.h
+++ b/app/test-crypto-perf/cperf_options.h
@@ -14,6 +14,7 @@
#define CPERF_PTEST_TYPE ("ptest")
#define CPERF_MODEX_LEN ("modex-len")
#define CPERF_SILENT ("silent")
+#define CPERF_ENABLE_SDAP ("enable-sdap")
#define CPERF_POOL_SIZE ("pool-sz")
#define CPERF_TOTAL_OPS ("total-ops")
@@ -129,6 +130,7 @@ struct cperf_options {
#ifdef RTE_LIB_SECURITY
uint16_t pdcp_sn_sz;
uint16_t pdcp_ses_hfn_en;
+ uint16_t pdcp_sdap;
enum rte_security_pdcp_domain pdcp_domain;
uint16_t docsis_hdr_sz;
#endif
diff --git a/app/test-crypto-perf/cperf_options_parsing.c b/app/test-crypto-perf/cperf_options_parsing.c
index 09c98121c8..55b43efe19 100644
--- a/app/test-crypto-perf/cperf_options_parsing.c
+++ b/app/test-crypto-perf/cperf_options_parsing.c
@@ -64,6 +64,7 @@ usage(char *progname)
" --pdcp-sn-sz N: set PDCP SN size N <5/7/12/15/18>\n"
" --pdcp-domain DOMAIN: set PDCP domain <control/user>\n"
" --pdcp-ses-hfn-en: enable session based fixed HFN\n"
+ " --enable-sdap: enable sdap\n"
" --docsis-hdr-sz: set DOCSIS header size\n"
#endif
" -h: prints this help\n",
@@ -548,6 +549,15 @@ parse_silent(struct cperf_options *opts,
return 0;
}
+static int
+parse_enable_sdap(struct cperf_options *opts,
+ const char *arg __rte_unused)
+{
+ opts->pdcp_sdap = 1;
+
+ return 0;
+}
+
static int
parse_cipher_algo(struct cperf_options *opts, const char *arg)
{
@@ -879,6 +889,7 @@ static struct option lgopts[] = {
{ CPERF_PDCP_SN_SZ, required_argument, 0, 0 },
{ CPERF_PDCP_DOMAIN, required_argument, 0, 0 },
{ CPERF_PDCP_SES_HFN_EN, no_argument, 0, 0 },
+ { CPERF_ENABLE_SDAP, no_argument, 0, 0 },
{ CPERF_DOCSIS_HDR_SZ, required_argument, 0, 0 },
#endif
{ CPERF_CSV, no_argument, 0, 0},
@@ -951,6 +962,7 @@ cperf_options_default(struct cperf_options *opts)
opts->pdcp_sn_sz = 12;
opts->pdcp_domain = RTE_SECURITY_PDCP_MODE_CONTROL;
opts->pdcp_ses_hfn_en = 0;
+ opts->pdcp_sdap = 0;
opts->docsis_hdr_sz = 17;
#endif
opts->modex_data = (struct cperf_modex_test_data *)&modex_perf_data[0];
@@ -994,6 +1006,7 @@ cperf_opts_parse_long(int opt_idx, struct cperf_options *opts)
{ CPERF_PDCP_SN_SZ, parse_pdcp_sn_sz },
{ CPERF_PDCP_DOMAIN, parse_pdcp_domain },
{ CPERF_PDCP_SES_HFN_EN, parse_pdcp_ses_hfn_en },
+ { CPERF_ENABLE_SDAP, parse_enable_sdap },
{ CPERF_DOCSIS_HDR_SZ, parse_docsis_hdr_sz },
#endif
{ CPERF_CSV, parse_csv_friendly},
diff --git a/doc/guides/tools/cryptoperf.rst b/doc/guides/tools/cryptoperf.rst
index cf3b147213..c77e253417 100644
--- a/doc/guides/tools/cryptoperf.rst
+++ b/doc/guides/tools/cryptoperf.rst
@@ -332,6 +332,10 @@ The following are the application command-line options:
Enable fixed session based HFN instead of per packet HFN.
+* ``--enable-sdap``
+
+ Enable Service Data Adaptation Protocol.
+
* ``--modex-len <n>``
Set modex length for asymmetric crypto perf test.
--
2.25.1
^ permalink raw reply [flat|nested] 49+ messages in thread
* RE: [EXT] [PATCH v4] app/test-crypto-perf: support SDAP for PDCP operations
2022-06-06 4:00 ` [PATCH v4] " Gagandeep Singh
@ 2022-06-15 16:06 ` Akhil Goyal
0 siblings, 0 replies; 49+ messages in thread
From: Akhil Goyal @ 2022-06-15 16:06 UTC (permalink / raw)
To: Gagandeep Singh, dev
> Add a command line option "--enable-sdap" to enable
> Service Data Adaptation Protocol.
>
> example command:
> ./dpdk-test-crypto-perf -c 0xc --log-level=8 --
> --devtype crypto_dpaa2_sec --optype pdcp --cipher-algo aes-ctr
> --cipher-op encrypt --auth-algo zuc-eia3 --auth-op generate
> --auth-key-sz 16 --ptest throughput --total-ops 100000 --burst-sz 64
> --buffer-sz 64,390,1512 --pool-sz 4096 --silent --pdcp-sn-sz 12
> --pdcp-domain control --enable-sdap
>
> Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Applied to dpdk-next-crypto
Thanks.
^ permalink raw reply [flat|nested] 49+ messages in thread
* [PATCH v3 2/7] examples/ipsec-secgw: support XCBC-MAC/DES-CBC
2022-05-20 4:20 ` [PATCH v3 0/7] Crypto related changes in sample/test apps Gagandeep Singh
2022-05-20 4:20 ` [PATCH v3 1/7] app/test-crypto-perf: support SDAP for PDCP operations Gagandeep Singh
@ 2022-05-20 4:20 ` Gagandeep Singh
2022-05-26 13:54 ` [EXT] " Akhil Goyal
2022-05-20 4:21 ` [PATCH v3 3/7] examples/l2fwd-crypto: add signal handler for exit Gagandeep Singh
` (4 subsequent siblings)
6 siblings, 1 reply; 49+ messages in thread
From: Gagandeep Singh @ 2022-05-20 4:20 UTC (permalink / raw)
To: gakhil, dev; +Cc: Gagandeep Singh
ipsec-secgw application is updated to support
DES-CBC ciphering and XCBC-MAC authentication
based IPsec functionality.
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
doc/guides/sample_app_ug/ipsec_secgw.rst | 7 +++++--
examples/ipsec-secgw/esp.c | 5 +++++
examples/ipsec-secgw/sa.c | 8 ++++++++
3 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst b/doc/guides/sample_app_ug/ipsec_secgw.rst
index d93acf0667..5cb6a69a27 100644
--- a/doc/guides/sample_app_ug/ipsec_secgw.rst
+++ b/doc/guides/sample_app_ug/ipsec_secgw.rst
@@ -115,8 +115,9 @@ Constraints
* No IPv6 options headers.
* No AH mode.
-* Supported algorithms: AES-CBC, AES-CTR, AES-GCM, 3DES-CBC, HMAC-SHA1,
- AES-GMAC, AES_CTR, AES_XCBC_MAC, AES_CCM, CHACHA20_POLY1305 and NULL.
+* Supported algorithms: AES-CBC, AES-CTR, AES-GCM, 3DES-CBC, DES-CBC,
+ HMAC-SHA1, AES-GMAC, AES_CTR, AES_XCBC_MAC, AES_CCM, CHACHA20_POLY1305
+ and NULL.
* Each SA must be handle by a unique lcore (*1 RX queue per port*).
Compiling the Application
@@ -566,6 +567,7 @@ where each options means:
* *aes-256-cbc*: AES-CBC 256-bit algorithm
* *aes-128-ctr*: AES-CTR 128-bit algorithm
* *3des-cbc*: 3DES-CBC 192-bit algorithm
+ * *des-cbc*: DES-CBC 64-bit algorithm
* Syntax: *cipher_algo <your algorithm>*
@@ -593,6 +595,7 @@ where each options means:
* *null*: NULL algorithm
* *sha1-hmac*: HMAC SHA1 algorithm
+ * *aes-xcbc-mac*: AES XCBC MAC algorithm
``<auth_key>``
diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
index bd233752c8..b72a5604c8 100644
--- a/examples/ipsec-secgw/esp.c
+++ b/examples/ipsec-secgw/esp.c
@@ -100,6 +100,7 @@ esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
switch (sa->cipher_algo) {
case RTE_CRYPTO_CIPHER_NULL:
+ case RTE_CRYPTO_CIPHER_DES_CBC:
case RTE_CRYPTO_CIPHER_3DES_CBC:
case RTE_CRYPTO_CIPHER_AES_CBC:
/* Copy IV at the end of crypto operation */
@@ -121,6 +122,7 @@ esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
case RTE_CRYPTO_AUTH_NULL:
case RTE_CRYPTO_AUTH_SHA1_HMAC:
case RTE_CRYPTO_AUTH_SHA256_HMAC:
+ case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
sym_cop->auth.data.offset = ip_hdr_len;
sym_cop->auth.data.length = sizeof(struct rte_esp_hdr) +
sa->iv_len + payload_len;
@@ -336,6 +338,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
} else {
switch (sa->cipher_algo) {
case RTE_CRYPTO_CIPHER_NULL:
+ case RTE_CRYPTO_CIPHER_DES_CBC:
case RTE_CRYPTO_CIPHER_3DES_CBC:
case RTE_CRYPTO_CIPHER_AES_CBC:
memset(iv, 0, sa->iv_len);
@@ -399,6 +402,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
} else {
switch (sa->cipher_algo) {
case RTE_CRYPTO_CIPHER_NULL:
+ case RTE_CRYPTO_CIPHER_DES_CBC:
case RTE_CRYPTO_CIPHER_3DES_CBC:
case RTE_CRYPTO_CIPHER_AES_CBC:
sym_cop->cipher.data.offset = ip_hdr_len +
@@ -431,6 +435,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
case RTE_CRYPTO_AUTH_NULL:
case RTE_CRYPTO_AUTH_SHA1_HMAC:
case RTE_CRYPTO_AUTH_SHA256_HMAC:
+ case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
sym_cop->auth.data.offset = ip_hdr_len;
sym_cop->auth.data.length = sizeof(struct rte_esp_hdr) +
sa->iv_len + pad_payload_len;
diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
index 3b0bc5a2cf..0b27f11fc0 100644
--- a/examples/ipsec-secgw/sa.c
+++ b/examples/ipsec-secgw/sa.c
@@ -119,6 +119,13 @@ const struct supported_cipher_algo cipher_algos[] = {
.iv_len = 8,
.block_size = 8,
.key_len = 24
+ },
+ {
+ .keyword = "des-cbc",
+ .algo = RTE_CRYPTO_CIPHER_DES_CBC,
+ .iv_len = 8,
+ .block_size = 8,
+ .key_len = 8
}
};
@@ -1311,6 +1318,7 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
} else {
switch (sa->cipher_algo) {
case RTE_CRYPTO_CIPHER_NULL:
+ case RTE_CRYPTO_CIPHER_DES_CBC:
case RTE_CRYPTO_CIPHER_3DES_CBC:
case RTE_CRYPTO_CIPHER_AES_CBC:
case RTE_CRYPTO_CIPHER_AES_CTR:
--
2.25.1
^ permalink raw reply [flat|nested] 49+ messages in thread
* [PATCH v3 3/7] examples/l2fwd-crypto: add signal handler for exit
2022-05-20 4:20 ` [PATCH v3 0/7] Crypto related changes in sample/test apps Gagandeep Singh
2022-05-20 4:20 ` [PATCH v3 1/7] app/test-crypto-perf: support SDAP for PDCP operations Gagandeep Singh
2022-05-20 4:20 ` [PATCH v3 2/7] examples/ipsec-secgw: support XCBC-MAC/DES-CBC Gagandeep Singh
@ 2022-05-20 4:21 ` Gagandeep Singh
2022-05-26 13:55 ` [EXT] " Akhil Goyal
2022-05-20 4:21 ` [PATCH v3 4/7] test/crypto: fix PMD name for dpaa raw buffer crypto driver Gagandeep Singh
` (3 subsequent siblings)
6 siblings, 1 reply; 49+ messages in thread
From: Gagandeep Singh @ 2022-05-20 4:21 UTC (permalink / raw)
To: gakhil, dev; +Cc: Gagandeep Singh
Handle SIGINT and SIGTERM signals.
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
examples/l2fwd-crypto/main.c | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index b1e2613ccf..bf4b862379 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -18,6 +18,7 @@
#include <getopt.h>
#include <fcntl.h>
#include <unistd.h>
+#include <signal.h>
#include <rte_string_fns.h>
#include <rte_branch_prediction.h>
@@ -256,6 +257,9 @@ struct l2fwd_crypto_statistics crypto_statistics[RTE_CRYPTO_MAX_DEVS];
#define MAX_TIMER_PERIOD 86400UL /* 1 day max */
#define DEFAULT_TIMER_PERIOD 10UL
+/* Global signal */
+static volatile bool signal_received;
+
/* Print out statistics on packets dropped */
static void
print_stats(void)
@@ -922,6 +926,8 @@ l2fwd_main_loop(struct l2fwd_crypto_options *options)
nb_rx = rte_eth_rx_burst(portid, 0,
pkts_burst, MAX_PKT_BURST);
+ if (unlikely(signal_received))
+ return;
port_statistics[portid].rx += nb_rx;
@@ -2760,6 +2766,13 @@ reserve_key_memory(struct l2fwd_crypto_options *options)
options->aad.phys_addr = rte_malloc_virt2iova(options->aad.data);
}
+static void
+raise_signal(int signum)
+{
+ if (signum == SIGINT || signum == SIGTERM)
+ signal_received = true;
+}
+
int
main(int argc, char **argv)
{
@@ -2772,6 +2785,9 @@ main(int argc, char **argv)
int ret, enabled_cdevcount, enabled_portcount;
uint8_t enabled_cdevs[RTE_CRYPTO_MAX_DEVS] = {0};
+ signal(SIGINT, raise_signal);
+ signal(SIGTERM, raise_signal);
+
/* init EAL */
ret = rte_eal_init(argc, argv);
if (ret < 0)
--
2.25.1
^ permalink raw reply [flat|nested] 49+ messages in thread
* RE: [EXT] [PATCH v3 3/7] examples/l2fwd-crypto: add signal handler for exit
2022-05-20 4:21 ` [PATCH v3 3/7] examples/l2fwd-crypto: add signal handler for exit Gagandeep Singh
@ 2022-05-26 13:55 ` Akhil Goyal
0 siblings, 0 replies; 49+ messages in thread
From: Akhil Goyal @ 2022-05-26 13:55 UTC (permalink / raw)
To: Gagandeep Singh, dev, Stephen Hemminger
Hi Stephen,
> Handle SIGINT and SIGTERM signals.
>
> Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
> ---
Do you have more comments on this? If not, can you please ack?
> examples/l2fwd-crypto/main.c | 16 ++++++++++++++++
> 1 file changed, 16 insertions(+)
>
> diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
> index b1e2613ccf..bf4b862379 100644
> --- a/examples/l2fwd-crypto/main.c
> +++ b/examples/l2fwd-crypto/main.c
> @@ -18,6 +18,7 @@
> #include <getopt.h>
> #include <fcntl.h>
> #include <unistd.h>
> +#include <signal.h>
>
> #include <rte_string_fns.h>
> #include <rte_branch_prediction.h>
> @@ -256,6 +257,9 @@ struct l2fwd_crypto_statistics
> crypto_statistics[RTE_CRYPTO_MAX_DEVS];
> #define MAX_TIMER_PERIOD 86400UL /* 1 day max */
> #define DEFAULT_TIMER_PERIOD 10UL
>
> +/* Global signal */
> +static volatile bool signal_received;
> +
> /* Print out statistics on packets dropped */
> static void
> print_stats(void)
> @@ -922,6 +926,8 @@ l2fwd_main_loop(struct l2fwd_crypto_options
> *options)
>
> nb_rx = rte_eth_rx_burst(portid, 0,
> pkts_burst, MAX_PKT_BURST);
> + if (unlikely(signal_received))
> + return;
>
> port_statistics[portid].rx += nb_rx;
>
> @@ -2760,6 +2766,13 @@ reserve_key_memory(struct l2fwd_crypto_options
> *options)
> options->aad.phys_addr = rte_malloc_virt2iova(options->aad.data);
> }
>
> +static void
> +raise_signal(int signum)
> +{
> + if (signum == SIGINT || signum == SIGTERM)
> + signal_received = true;
> +}
> +
> int
> main(int argc, char **argv)
> {
> @@ -2772,6 +2785,9 @@ main(int argc, char **argv)
> int ret, enabled_cdevcount, enabled_portcount;
> uint8_t enabled_cdevs[RTE_CRYPTO_MAX_DEVS] = {0};
>
> + signal(SIGINT, raise_signal);
> + signal(SIGTERM, raise_signal);
> +
> /* init EAL */
> ret = rte_eal_init(argc, argv);
> if (ret < 0)
> --
> 2.25.1
^ permalink raw reply [flat|nested] 49+ messages in thread
* [PATCH v3 4/7] test/crypto: fix PMD name for dpaa raw buffer crypto driver
2022-05-20 4:20 ` [PATCH v3 0/7] Crypto related changes in sample/test apps Gagandeep Singh
` (2 preceding siblings ...)
2022-05-20 4:21 ` [PATCH v3 3/7] examples/l2fwd-crypto: add signal handler for exit Gagandeep Singh
@ 2022-05-20 4:21 ` Gagandeep Singh
2022-05-26 13:56 ` [EXT] " Akhil Goyal
2022-05-20 4:21 ` [PATCH v3 5/7] test/crypto: support raw buffer APIs for PDCP Gagandeep Singh
` (2 subsequent siblings)
6 siblings, 1 reply; 49+ messages in thread
From: Gagandeep Singh @ 2022-05-20 4:21 UTC (permalink / raw)
To: gakhil, dev; +Cc: Gagandeep Singh, stable
PMD name for DPAA raw buffer crypto driver test cases is
updated with correct name.
Fixes: cd8166c28cd1 ("test/crypto: add raw API test for dpaax")
Cc: stable@dpdk.org
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
app/test/test_cryptodev.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 4ffaadc008..7c5d55368b 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -16588,7 +16588,7 @@ test_cryptodev_dpaa2_sec_raw_api(void)
static int
test_cryptodev_dpaa_sec_raw_api(void)
{
- static const char *pmd_name = RTE_STR(CRYPTODEV_NAME_DPAA2_SEC_PMD);
+ static const char *pmd_name = RTE_STR(CRYPTODEV_NAME_DPAA_SEC_PMD);
int ret;
ret = require_feature_flag(pmd_name, RTE_CRYPTODEV_FF_SYM_RAW_DP,
--
2.25.1
^ permalink raw reply [flat|nested] 49+ messages in thread
* [PATCH v3 5/7] test/crypto: support raw buffer APIs for PDCP
2022-05-20 4:20 ` [PATCH v3 0/7] Crypto related changes in sample/test apps Gagandeep Singh
` (3 preceding siblings ...)
2022-05-20 4:21 ` [PATCH v3 4/7] test/crypto: fix PMD name for dpaa raw buffer crypto driver Gagandeep Singh
@ 2022-05-20 4:21 ` Gagandeep Singh
2022-05-26 13:58 ` [EXT] " Akhil Goyal
2022-05-20 4:21 ` [PATCH v3 6/7] test/crypto: add short MAC-I test vector for zuc Gagandeep Singh
2022-05-20 4:21 ` [PATCH v3 7/7] doc: add missing authentication algorithm Gagandeep Singh
6 siblings, 1 reply; 49+ messages in thread
From: Gagandeep Singh @ 2022-05-20 4:21 UTC (permalink / raw)
To: gakhil, dev; +Cc: Gagandeep Singh
This patch supports raw buffer APIs testing for
PDCP test cases.
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
app/test/test_cryptodev.c | 22 ++++++++++++++++++++--
1 file changed, 20 insertions(+), 2 deletions(-)
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 7c5d55368b..524019ce0e 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -8370,6 +8370,11 @@ static int test_pdcp_proto(int i, int oop, enum rte_crypto_cipher_operation opc,
struct rte_security_ctx *ctx = (struct rte_security_ctx *)
rte_cryptodev_get_sec_ctx(
ts_params->valid_devs[0]);
+ struct rte_cryptodev_info dev_info;
+ uint64_t feat_flags;
+
+ rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
+ feat_flags = dev_info.feature_flags;
/* Verify the capabilities */
struct rte_security_capability_idx sec_cap_idx;
@@ -8391,6 +8396,11 @@ static int test_pdcp_proto(int i, int oop, enum rte_crypto_cipher_operation opc,
input_vec_len);
memcpy(plaintext, input_vec, input_vec_len);
+ if ((global_api_test_type == CRYPTODEV_RAW_API_TEST) &&
+ (!(feat_flags & RTE_CRYPTODEV_FF_SYM_RAW_DP))) {
+ printf("Device does not support RAW data-path APIs.\n");
+ return TEST_SKIPPED;
+ }
/* Out of place support */
if (oop) {
/*
@@ -8483,8 +8493,16 @@ static int test_pdcp_proto(int i, int oop, enum rte_crypto_cipher_operation opc,
ut_params->op->sym->m_dst = ut_params->obuf;
/* Process crypto operation */
- if (process_crypto_request(ts_params->valid_devs[0], ut_params->op)
- == NULL) {
+ if (global_api_test_type == CRYPTODEV_RAW_API_TEST) {
+ /* filling lengths */
+ ut_params->op->sym->cipher.data.length = ut_params->op->sym->m_src->pkt_len;
+ ut_params->op->sym->auth.data.length = ut_params->op->sym->m_src->pkt_len;
+ process_sym_raw_dp_op(ts_params->valid_devs[0], 0,
+ ut_params->op, 1, 1, 0, 0);
+ } else {
+ ut_params->op = process_crypto_request(ts_params->valid_devs[0], ut_params->op);
+ }
+ if (ut_params->op == NULL) {
printf("TestCase %s()-%d line %d failed %s: ",
__func__, i, __LINE__,
"failed to process sym crypto op");
--
2.25.1
^ permalink raw reply [flat|nested] 49+ messages in thread
* [PATCH v3 6/7] test/crypto: add short MAC-I test vector for zuc
2022-05-20 4:20 ` [PATCH v3 0/7] Crypto related changes in sample/test apps Gagandeep Singh
` (4 preceding siblings ...)
2022-05-20 4:21 ` [PATCH v3 5/7] test/crypto: support raw buffer APIs for PDCP Gagandeep Singh
@ 2022-05-20 4:21 ` Gagandeep Singh
2022-05-26 13:59 ` [EXT] " Akhil Goyal
2022-05-20 4:21 ` [PATCH v3 7/7] doc: add missing authentication algorithm Gagandeep Singh
6 siblings, 1 reply; 49+ messages in thread
From: Gagandeep Singh @ 2022-05-20 4:21 UTC (permalink / raw)
To: gakhil, dev; +Cc: Gagandeep Singh
Add a ZUC based short MAC-I test vector.
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
...est_cryptodev_security_pdcp_test_vectors.h | 20 +++++++++++++++++--
1 file changed, 18 insertions(+), 2 deletions(-)
diff --git a/app/test/test_cryptodev_security_pdcp_test_vectors.h b/app/test/test_cryptodev_security_pdcp_test_vectors.h
index 81fd6e606b..585c10b423 100644
--- a/app/test/test_cryptodev_security_pdcp_test_vectors.h
+++ b/app/test/test_cryptodev_security_pdcp_test_vectors.h
@@ -1,7 +1,7 @@
/* SPDX-License-Identifier: BSD-3-Clause
*
* Copyright (C) 2015-2016 Freescale Semiconductor,Inc.
- * Copyright 2018-2021 NXP
+ * Copyright 2018-2022 NXP
*/
#ifndef SECURITY_PDCP_TEST_VECTOR_H_
@@ -128,7 +128,23 @@ static const struct pdcp_short_mac_test list_pdcp_smac_tests[] = {
.data_out = (uint8_t[]){ 0x33, 0x32, 0x34, 0x62, 0x63, 0x39,
0x38, 0x00, 0x00, 0x00, 0x00 },
},
-
+ {
+ .test_idx = 6,
+ .param = {.name = "PDCP-SMAC ZUC",
+ .auth_alg = RTE_CRYPTO_AUTH_ZUC_EIA3,
+ .domain = RTE_SECURITY_PDCP_MODE_SHORT_MAC,
+ .auth_key_len = 16,
+ },
+ .auth_key = (uint8_t[]){ 0xB2, 0xA4, 0x73, 0xB6, 0x78, 0x5C,
+ 0x51, 0x8E, 0x9C, 0x1E, 0x9B, 0xC6,
+ 0x66, 0xE4, 0x84, 0x24
+ },
+ .data_in = (uint8_t[]){ 0x00, 0x40, 0x00, 0x00, 0x00, 0x05,
+ 0x09, 0xe4 },
+ .in_len = 8,
+ .data_out = (uint8_t[]){ 0x00, 0x40, 0x00, 0x00, 0x00, 0x05,
+ 0x09, 0xe4, 0xCC, 0x7D, 0xD0, 0xE4 },
+ },
};
static struct pdcp_test_param pdcp_test_params[] = {
--
2.25.1
^ permalink raw reply [flat|nested] 49+ messages in thread
* [PATCH v3 7/7] doc: add missing authentication algorithm
2022-05-20 4:20 ` [PATCH v3 0/7] Crypto related changes in sample/test apps Gagandeep Singh
` (5 preceding siblings ...)
2022-05-20 4:21 ` [PATCH v3 6/7] test/crypto: add short MAC-I test vector for zuc Gagandeep Singh
@ 2022-05-20 4:21 ` Gagandeep Singh
2022-05-26 14:00 ` [EXT] " Akhil Goyal
6 siblings, 1 reply; 49+ messages in thread
From: Gagandeep Singh @ 2022-05-20 4:21 UTC (permalink / raw)
To: gakhil, dev; +Cc: Gagandeep Singh, stable
Adding the missing SHA256-HMAC authentication algorithm
in ipsec-secgw guide.
Fixes: b5350285ce6e ("examples/ipsec-secgw: support SHA256 HMAC")
Cc: stable@dpdk.org
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
doc/guides/sample_app_ug/ipsec_secgw.rst | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst b/doc/guides/sample_app_ug/ipsec_secgw.rst
index 5cb6a69a27..94197a34f0 100644
--- a/doc/guides/sample_app_ug/ipsec_secgw.rst
+++ b/doc/guides/sample_app_ug/ipsec_secgw.rst
@@ -116,8 +116,8 @@ Constraints
* No IPv6 options headers.
* No AH mode.
* Supported algorithms: AES-CBC, AES-CTR, AES-GCM, 3DES-CBC, DES-CBC,
- HMAC-SHA1, AES-GMAC, AES_CTR, AES_XCBC_MAC, AES_CCM, CHACHA20_POLY1305
- and NULL.
+ HMAC-SHA1, HMAC-SHA256, AES-GMAC, AES_CTR, AES_XCBC_MAC, AES_CCM,
+ CHACHA20_POLY1305 and NULL.
* Each SA must be handle by a unique lcore (*1 RX queue per port*).
Compiling the Application
@@ -595,6 +595,7 @@ where each options means:
* *null*: NULL algorithm
* *sha1-hmac*: HMAC SHA1 algorithm
+ * *sha256-hmac*: HMAC SHA256 algorithm
* *aes-xcbc-mac*: AES XCBC MAC algorithm
``<auth_key>``
--
2.25.1
^ permalink raw reply [flat|nested] 49+ messages in thread
* [PATCH v2 2/7] examples/ipsec-secgw: support XCBC-MAC/DES-CBC
2022-05-17 3:38 ` [PATCH v2 0/7] Crypto related changes in sample/test apps Gagandeep Singh
2022-05-17 3:38 ` [PATCH v2 1/7] app/test-crypto-perf: support SDAP for PDCP operations Gagandeep Singh
@ 2022-05-17 3:38 ` Gagandeep Singh
2022-05-17 3:38 ` [PATCH v2 3/7] examples/l2fwd-crypto: add signal handler for exit Gagandeep Singh
` (4 subsequent siblings)
6 siblings, 0 replies; 49+ messages in thread
From: Gagandeep Singh @ 2022-05-17 3:38 UTC (permalink / raw)
To: gakhil, dev; +Cc: Gagandeep Singh
ipsec-secgw application is updated to support
DES-CBC ciphering and XCBC-MAC authentication
based IPsec functionality.
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
doc/guides/sample_app_ug/ipsec_secgw.rst | 7 +++++--
examples/ipsec-secgw/esp.c | 5 +++++
examples/ipsec-secgw/sa.c | 8 ++++++++
3 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst b/doc/guides/sample_app_ug/ipsec_secgw.rst
index d93acf0667..5cb6a69a27 100644
--- a/doc/guides/sample_app_ug/ipsec_secgw.rst
+++ b/doc/guides/sample_app_ug/ipsec_secgw.rst
@@ -115,8 +115,9 @@ Constraints
* No IPv6 options headers.
* No AH mode.
-* Supported algorithms: AES-CBC, AES-CTR, AES-GCM, 3DES-CBC, HMAC-SHA1,
- AES-GMAC, AES_CTR, AES_XCBC_MAC, AES_CCM, CHACHA20_POLY1305 and NULL.
+* Supported algorithms: AES-CBC, AES-CTR, AES-GCM, 3DES-CBC, DES-CBC,
+ HMAC-SHA1, AES-GMAC, AES_CTR, AES_XCBC_MAC, AES_CCM, CHACHA20_POLY1305
+ and NULL.
* Each SA must be handle by a unique lcore (*1 RX queue per port*).
Compiling the Application
@@ -566,6 +567,7 @@ where each options means:
* *aes-256-cbc*: AES-CBC 256-bit algorithm
* *aes-128-ctr*: AES-CTR 128-bit algorithm
* *3des-cbc*: 3DES-CBC 192-bit algorithm
+ * *des-cbc*: DES-CBC 64-bit algorithm
* Syntax: *cipher_algo <your algorithm>*
@@ -593,6 +595,7 @@ where each options means:
* *null*: NULL algorithm
* *sha1-hmac*: HMAC SHA1 algorithm
+ * *aes-xcbc-mac*: AES XCBC MAC algorithm
``<auth_key>``
diff --git a/examples/ipsec-secgw/esp.c b/examples/ipsec-secgw/esp.c
index bd233752c8..b72a5604c8 100644
--- a/examples/ipsec-secgw/esp.c
+++ b/examples/ipsec-secgw/esp.c
@@ -100,6 +100,7 @@ esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
switch (sa->cipher_algo) {
case RTE_CRYPTO_CIPHER_NULL:
+ case RTE_CRYPTO_CIPHER_DES_CBC:
case RTE_CRYPTO_CIPHER_3DES_CBC:
case RTE_CRYPTO_CIPHER_AES_CBC:
/* Copy IV at the end of crypto operation */
@@ -121,6 +122,7 @@ esp_inbound(struct rte_mbuf *m, struct ipsec_sa *sa,
case RTE_CRYPTO_AUTH_NULL:
case RTE_CRYPTO_AUTH_SHA1_HMAC:
case RTE_CRYPTO_AUTH_SHA256_HMAC:
+ case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
sym_cop->auth.data.offset = ip_hdr_len;
sym_cop->auth.data.length = sizeof(struct rte_esp_hdr) +
sa->iv_len + payload_len;
@@ -336,6 +338,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
} else {
switch (sa->cipher_algo) {
case RTE_CRYPTO_CIPHER_NULL:
+ case RTE_CRYPTO_CIPHER_DES_CBC:
case RTE_CRYPTO_CIPHER_3DES_CBC:
case RTE_CRYPTO_CIPHER_AES_CBC:
memset(iv, 0, sa->iv_len);
@@ -399,6 +402,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
} else {
switch (sa->cipher_algo) {
case RTE_CRYPTO_CIPHER_NULL:
+ case RTE_CRYPTO_CIPHER_DES_CBC:
case RTE_CRYPTO_CIPHER_3DES_CBC:
case RTE_CRYPTO_CIPHER_AES_CBC:
sym_cop->cipher.data.offset = ip_hdr_len +
@@ -431,6 +435,7 @@ esp_outbound(struct rte_mbuf *m, struct ipsec_sa *sa,
case RTE_CRYPTO_AUTH_NULL:
case RTE_CRYPTO_AUTH_SHA1_HMAC:
case RTE_CRYPTO_AUTH_SHA256_HMAC:
+ case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
sym_cop->auth.data.offset = ip_hdr_len;
sym_cop->auth.data.length = sizeof(struct rte_esp_hdr) +
sa->iv_len + pad_payload_len;
diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
index 3b0bc5a2cf..0b27f11fc0 100644
--- a/examples/ipsec-secgw/sa.c
+++ b/examples/ipsec-secgw/sa.c
@@ -119,6 +119,13 @@ const struct supported_cipher_algo cipher_algos[] = {
.iv_len = 8,
.block_size = 8,
.key_len = 24
+ },
+ {
+ .keyword = "des-cbc",
+ .algo = RTE_CRYPTO_CIPHER_DES_CBC,
+ .iv_len = 8,
+ .block_size = 8,
+ .key_len = 8
}
};
@@ -1311,6 +1318,7 @@ sa_add_rules(struct sa_ctx *sa_ctx, const struct ipsec_sa entries[],
} else {
switch (sa->cipher_algo) {
case RTE_CRYPTO_CIPHER_NULL:
+ case RTE_CRYPTO_CIPHER_DES_CBC:
case RTE_CRYPTO_CIPHER_3DES_CBC:
case RTE_CRYPTO_CIPHER_AES_CBC:
case RTE_CRYPTO_CIPHER_AES_CTR:
--
2.25.1
^ permalink raw reply [flat|nested] 49+ messages in thread
* [PATCH v2 3/7] examples/l2fwd-crypto: add signal handler for exit
2022-05-17 3:38 ` [PATCH v2 0/7] Crypto related changes in sample/test apps Gagandeep Singh
2022-05-17 3:38 ` [PATCH v2 1/7] app/test-crypto-perf: support SDAP for PDCP operations Gagandeep Singh
2022-05-17 3:38 ` [PATCH v2 2/7] examples/ipsec-secgw: support XCBC-MAC/DES-CBC Gagandeep Singh
@ 2022-05-17 3:38 ` Gagandeep Singh
2022-05-17 16:32 ` Stephen Hemminger
2022-05-17 3:38 ` [PATCH v2 4/7] test/crypto: fix PMD name for dpaa raw buffer crypto driver Gagandeep Singh
` (3 subsequent siblings)
6 siblings, 1 reply; 49+ messages in thread
From: Gagandeep Singh @ 2022-05-17 3:38 UTC (permalink / raw)
To: gakhil, dev; +Cc: Gagandeep Singh
Handle SIGINT and SIGTERM signals.
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
examples/l2fwd-crypto/main.c | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index b1e2613ccf..0a1fc790fc 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -18,6 +18,7 @@
#include <getopt.h>
#include <fcntl.h>
#include <unistd.h>
+#include <signal.h>
#include <rte_string_fns.h>
#include <rte_branch_prediction.h>
@@ -256,6 +257,9 @@ struct l2fwd_crypto_statistics crypto_statistics[RTE_CRYPTO_MAX_DEVS];
#define MAX_TIMER_PERIOD 86400UL /* 1 day max */
#define DEFAULT_TIMER_PERIOD 10UL
+/* Global signal */
+unsigned int signal_received;
+
/* Print out statistics on packets dropped */
static void
print_stats(void)
@@ -922,6 +926,8 @@ l2fwd_main_loop(struct l2fwd_crypto_options *options)
nb_rx = rte_eth_rx_burst(portid, 0,
pkts_burst, MAX_PKT_BURST);
+ if (unlikely(signal_received))
+ return;
port_statistics[portid].rx += nb_rx;
@@ -2760,6 +2766,13 @@ reserve_key_memory(struct l2fwd_crypto_options *options)
options->aad.phys_addr = rte_malloc_virt2iova(options->aad.data);
}
+static void
+raise_signal(int signum)
+{
+ signal_received = 1;
+ printf("Exiting on signal (%d)\n", signum);
+}
+
int
main(int argc, char **argv)
{
@@ -2772,6 +2785,9 @@ main(int argc, char **argv)
int ret, enabled_cdevcount, enabled_portcount;
uint8_t enabled_cdevs[RTE_CRYPTO_MAX_DEVS] = {0};
+ signal(SIGINT, raise_signal);
+ signal(SIGTERM, raise_signal);
+
/* init EAL */
ret = rte_eal_init(argc, argv);
if (ret < 0)
--
2.25.1
^ permalink raw reply [flat|nested] 49+ messages in thread
* Re: [PATCH v2 3/7] examples/l2fwd-crypto: add signal handler for exit
2022-05-17 3:38 ` [PATCH v2 3/7] examples/l2fwd-crypto: add signal handler for exit Gagandeep Singh
@ 2022-05-17 16:32 ` Stephen Hemminger
2022-05-18 4:23 ` Gagandeep Singh
0 siblings, 1 reply; 49+ messages in thread
From: Stephen Hemminger @ 2022-05-17 16:32 UTC (permalink / raw)
To: Gagandeep Singh; +Cc: gakhil, dev
On Tue, 17 May 2022 09:08:54 +0530
Gagandeep Singh <g.singh@nxp.com> wrote:
> Handle SIGINT and SIGTERM signals.
>
> Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
> ---
> examples/l2fwd-crypto/main.c | 16 ++++++++++++++++
> 1 file changed, 16 insertions(+)
>
> diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
> index b1e2613ccf..0a1fc790fc 100644
> --- a/examples/l2fwd-crypto/main.c
> +++ b/examples/l2fwd-crypto/main.c
> @@ -18,6 +18,7 @@
> #include <getopt.h>
> #include <fcntl.h>
> #include <unistd.h>
> +#include <signal.h>
>
> #include <rte_string_fns.h>
> #include <rte_branch_prediction.h>
> @@ -256,6 +257,9 @@ struct l2fwd_crypto_statistics crypto_statistics[RTE_CRYPTO_MAX_DEVS];
> #define MAX_TIMER_PERIOD 86400UL /* 1 day max */
> #define DEFAULT_TIMER_PERIOD 10UL
>
> +/* Global signal */
> +unsigned int signal_received;
This won't work as expected.
This kind of flag needs to either be volatile or use explicit atomic builtins
because the compiler and CPU are free to believe that it never changes.
Traditional way to address this would be:
static volatile bool signal_received;
More advanced way would be to use __atomic_load/store builtin.
Also printf() is not technically safe to call from a signal handler.
^ permalink raw reply [flat|nested] 49+ messages in thread
* RE: [PATCH v2 3/7] examples/l2fwd-crypto: add signal handler for exit
2022-05-17 16:32 ` Stephen Hemminger
@ 2022-05-18 4:23 ` Gagandeep Singh
0 siblings, 0 replies; 49+ messages in thread
From: Gagandeep Singh @ 2022-05-18 4:23 UTC (permalink / raw)
To: Stephen Hemminger; +Cc: gakhil, dev
Hi,
> -----Original Message-----
> From: Stephen Hemminger <stephen@networkplumber.org>
> Sent: Tuesday, May 17, 2022 10:02 PM
> To: Gagandeep Singh <G.Singh@nxp.com>
> Cc: gakhil@marvell.com; dev@dpdk.org
> Subject: Re: [PATCH v2 3/7] examples/l2fwd-crypto: add signal handler for exit
>
> On Tue, 17 May 2022 09:08:54 +0530
> Gagandeep Singh <g.singh@nxp.com> wrote:
>
> > Handle SIGINT and SIGTERM signals.
> >
> > Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
> > ---
> > examples/l2fwd-crypto/main.c | 16 ++++++++++++++++
> > 1 file changed, 16 insertions(+)
> >
> > diff --git a/examples/l2fwd-crypto/main.c
> > b/examples/l2fwd-crypto/main.c index b1e2613ccf..0a1fc790fc 100644
> > --- a/examples/l2fwd-crypto/main.c
> > +++ b/examples/l2fwd-crypto/main.c
> > @@ -18,6 +18,7 @@
> > #include <getopt.h>
> > #include <fcntl.h>
> > #include <unistd.h>
> > +#include <signal.h>
> >
> > #include <rte_string_fns.h>
> > #include <rte_branch_prediction.h>
> > @@ -256,6 +257,9 @@ struct l2fwd_crypto_statistics
> > crypto_statistics[RTE_CRYPTO_MAX_DEVS];
> > #define MAX_TIMER_PERIOD 86400UL /* 1 day max */ #define
> > DEFAULT_TIMER_PERIOD 10UL
> >
> > +/* Global signal */
> > +unsigned int signal_received;
>
> This won't work as expected.
>
> This kind of flag needs to either be volatile or use explicit atomic builtins
> because the compiler and CPU are free to believe that it never changes.
>
> Traditional way to address this would be:
>
> static volatile bool signal_received;
>
> More advanced way would be to use __atomic_load/store builtin.
>
> Also printf() is not technically safe to call from a signal handler.
Ok, I will update it to "static volatile bool signal_received;" .
^ permalink raw reply [flat|nested] 49+ messages in thread
* [PATCH v2 4/7] test/crypto: fix PMD name for dpaa raw buffer crypto driver
2022-05-17 3:38 ` [PATCH v2 0/7] Crypto related changes in sample/test apps Gagandeep Singh
` (2 preceding siblings ...)
2022-05-17 3:38 ` [PATCH v2 3/7] examples/l2fwd-crypto: add signal handler for exit Gagandeep Singh
@ 2022-05-17 3:38 ` Gagandeep Singh
2022-05-17 3:38 ` [PATCH v2 5/7] test/crypto: support raw buffer APIs for PDCP Gagandeep Singh
` (2 subsequent siblings)
6 siblings, 0 replies; 49+ messages in thread
From: Gagandeep Singh @ 2022-05-17 3:38 UTC (permalink / raw)
To: gakhil, dev; +Cc: Gagandeep Singh, stable
PMD name for DPAA raw buffer crypto driver test cases is
updated with correct name.
Fixes: cd8166c28cd1 ("test/crypto: add raw API test for dpaax")
Cc: stable@dpdk.org
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
app/test/test_cryptodev.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 4ffaadc008..7c5d55368b 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -16588,7 +16588,7 @@ test_cryptodev_dpaa2_sec_raw_api(void)
static int
test_cryptodev_dpaa_sec_raw_api(void)
{
- static const char *pmd_name = RTE_STR(CRYPTODEV_NAME_DPAA2_SEC_PMD);
+ static const char *pmd_name = RTE_STR(CRYPTODEV_NAME_DPAA_SEC_PMD);
int ret;
ret = require_feature_flag(pmd_name, RTE_CRYPTODEV_FF_SYM_RAW_DP,
--
2.25.1
^ permalink raw reply [flat|nested] 49+ messages in thread
* [PATCH v2 5/7] test/crypto: support raw buffer APIs for PDCP
2022-05-17 3:38 ` [PATCH v2 0/7] Crypto related changes in sample/test apps Gagandeep Singh
` (3 preceding siblings ...)
2022-05-17 3:38 ` [PATCH v2 4/7] test/crypto: fix PMD name for dpaa raw buffer crypto driver Gagandeep Singh
@ 2022-05-17 3:38 ` Gagandeep Singh
2022-05-17 3:38 ` [PATCH v2 6/7] test/crypto: add short MAC-I test vector for zuc Gagandeep Singh
2022-05-17 3:38 ` [PATCH v2 7/7] doc: add missing authentication algorithm Gagandeep Singh
6 siblings, 0 replies; 49+ messages in thread
From: Gagandeep Singh @ 2022-05-17 3:38 UTC (permalink / raw)
To: gakhil, dev; +Cc: Gagandeep Singh
This patch supports raw buffer APIs testing for
PDCP test cases.
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
app/test/test_cryptodev.c | 22 ++++++++++++++++++++--
1 file changed, 20 insertions(+), 2 deletions(-)
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 7c5d55368b..524019ce0e 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -8370,6 +8370,11 @@ static int test_pdcp_proto(int i, int oop, enum rte_crypto_cipher_operation opc,
struct rte_security_ctx *ctx = (struct rte_security_ctx *)
rte_cryptodev_get_sec_ctx(
ts_params->valid_devs[0]);
+ struct rte_cryptodev_info dev_info;
+ uint64_t feat_flags;
+
+ rte_cryptodev_info_get(ts_params->valid_devs[0], &dev_info);
+ feat_flags = dev_info.feature_flags;
/* Verify the capabilities */
struct rte_security_capability_idx sec_cap_idx;
@@ -8391,6 +8396,11 @@ static int test_pdcp_proto(int i, int oop, enum rte_crypto_cipher_operation opc,
input_vec_len);
memcpy(plaintext, input_vec, input_vec_len);
+ if ((global_api_test_type == CRYPTODEV_RAW_API_TEST) &&
+ (!(feat_flags & RTE_CRYPTODEV_FF_SYM_RAW_DP))) {
+ printf("Device does not support RAW data-path APIs.\n");
+ return TEST_SKIPPED;
+ }
/* Out of place support */
if (oop) {
/*
@@ -8483,8 +8493,16 @@ static int test_pdcp_proto(int i, int oop, enum rte_crypto_cipher_operation opc,
ut_params->op->sym->m_dst = ut_params->obuf;
/* Process crypto operation */
- if (process_crypto_request(ts_params->valid_devs[0], ut_params->op)
- == NULL) {
+ if (global_api_test_type == CRYPTODEV_RAW_API_TEST) {
+ /* filling lengths */
+ ut_params->op->sym->cipher.data.length = ut_params->op->sym->m_src->pkt_len;
+ ut_params->op->sym->auth.data.length = ut_params->op->sym->m_src->pkt_len;
+ process_sym_raw_dp_op(ts_params->valid_devs[0], 0,
+ ut_params->op, 1, 1, 0, 0);
+ } else {
+ ut_params->op = process_crypto_request(ts_params->valid_devs[0], ut_params->op);
+ }
+ if (ut_params->op == NULL) {
printf("TestCase %s()-%d line %d failed %s: ",
__func__, i, __LINE__,
"failed to process sym crypto op");
--
2.25.1
^ permalink raw reply [flat|nested] 49+ messages in thread
* [PATCH v2 6/7] test/crypto: add short MAC-I test vector for zuc
2022-05-17 3:38 ` [PATCH v2 0/7] Crypto related changes in sample/test apps Gagandeep Singh
` (4 preceding siblings ...)
2022-05-17 3:38 ` [PATCH v2 5/7] test/crypto: support raw buffer APIs for PDCP Gagandeep Singh
@ 2022-05-17 3:38 ` Gagandeep Singh
2022-05-17 3:38 ` [PATCH v2 7/7] doc: add missing authentication algorithm Gagandeep Singh
6 siblings, 0 replies; 49+ messages in thread
From: Gagandeep Singh @ 2022-05-17 3:38 UTC (permalink / raw)
To: gakhil, dev; +Cc: Gagandeep Singh
Add a ZUC based short MAC-I test vector.
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
...est_cryptodev_security_pdcp_test_vectors.h | 20 +++++++++++++++++--
1 file changed, 18 insertions(+), 2 deletions(-)
diff --git a/app/test/test_cryptodev_security_pdcp_test_vectors.h b/app/test/test_cryptodev_security_pdcp_test_vectors.h
index 81fd6e606b..585c10b423 100644
--- a/app/test/test_cryptodev_security_pdcp_test_vectors.h
+++ b/app/test/test_cryptodev_security_pdcp_test_vectors.h
@@ -1,7 +1,7 @@
/* SPDX-License-Identifier: BSD-3-Clause
*
* Copyright (C) 2015-2016 Freescale Semiconductor,Inc.
- * Copyright 2018-2021 NXP
+ * Copyright 2018-2022 NXP
*/
#ifndef SECURITY_PDCP_TEST_VECTOR_H_
@@ -128,7 +128,23 @@ static const struct pdcp_short_mac_test list_pdcp_smac_tests[] = {
.data_out = (uint8_t[]){ 0x33, 0x32, 0x34, 0x62, 0x63, 0x39,
0x38, 0x00, 0x00, 0x00, 0x00 },
},
-
+ {
+ .test_idx = 6,
+ .param = {.name = "PDCP-SMAC ZUC",
+ .auth_alg = RTE_CRYPTO_AUTH_ZUC_EIA3,
+ .domain = RTE_SECURITY_PDCP_MODE_SHORT_MAC,
+ .auth_key_len = 16,
+ },
+ .auth_key = (uint8_t[]){ 0xB2, 0xA4, 0x73, 0xB6, 0x78, 0x5C,
+ 0x51, 0x8E, 0x9C, 0x1E, 0x9B, 0xC6,
+ 0x66, 0xE4, 0x84, 0x24
+ },
+ .data_in = (uint8_t[]){ 0x00, 0x40, 0x00, 0x00, 0x00, 0x05,
+ 0x09, 0xe4 },
+ .in_len = 8,
+ .data_out = (uint8_t[]){ 0x00, 0x40, 0x00, 0x00, 0x00, 0x05,
+ 0x09, 0xe4, 0xCC, 0x7D, 0xD0, 0xE4 },
+ },
};
static struct pdcp_test_param pdcp_test_params[] = {
--
2.25.1
^ permalink raw reply [flat|nested] 49+ messages in thread
* [PATCH v2 7/7] doc: add missing authentication algorithm
2022-05-17 3:38 ` [PATCH v2 0/7] Crypto related changes in sample/test apps Gagandeep Singh
` (5 preceding siblings ...)
2022-05-17 3:38 ` [PATCH v2 6/7] test/crypto: add short MAC-I test vector for zuc Gagandeep Singh
@ 2022-05-17 3:38 ` Gagandeep Singh
6 siblings, 0 replies; 49+ messages in thread
From: Gagandeep Singh @ 2022-05-17 3:38 UTC (permalink / raw)
To: gakhil, dev; +Cc: Gagandeep Singh, stable
Adding the missing SHA256-HMAC authentication algorithm
in ipsec-secgw guide.
Fixes: b5350285ce6e ("examples/ipsec-secgw: support SHA256 HMAC")
Cc: stable@dpdk.org
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
doc/guides/sample_app_ug/ipsec_secgw.rst | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst b/doc/guides/sample_app_ug/ipsec_secgw.rst
index 5cb6a69a27..94197a34f0 100644
--- a/doc/guides/sample_app_ug/ipsec_secgw.rst
+++ b/doc/guides/sample_app_ug/ipsec_secgw.rst
@@ -116,8 +116,8 @@ Constraints
* No IPv6 options headers.
* No AH mode.
* Supported algorithms: AES-CBC, AES-CTR, AES-GCM, 3DES-CBC, DES-CBC,
- HMAC-SHA1, AES-GMAC, AES_CTR, AES_XCBC_MAC, AES_CCM, CHACHA20_POLY1305
- and NULL.
+ HMAC-SHA1, HMAC-SHA256, AES-GMAC, AES_CTR, AES_XCBC_MAC, AES_CCM,
+ CHACHA20_POLY1305 and NULL.
* Each SA must be handle by a unique lcore (*1 RX queue per port*).
Compiling the Application
@@ -595,6 +595,7 @@ where each options means:
* *null*: NULL algorithm
* *sha1-hmac*: HMAC SHA1 algorithm
+ * *sha256-hmac*: HMAC SHA256 algorithm
* *aes-xcbc-mac*: AES XCBC MAC algorithm
``<auth_key>``
--
2.25.1
^ permalink raw reply [flat|nested] 49+ messages in thread